consultation assessment report - paymentsforum.uk · 03/07/2017 · 1.3 improving trust in payments...

Consultation AssessmentReportDecember 2017

Consultation Assessment Report December 2017

1

Contents1 Background ................................................................................................................................ 3

1.1 The Forum .......................................................................................................................... 3

1.2 The NPA in Alignment with our Principles ............................................................................. 4

1.3 Improving Trust in Payments ................................................................................................ 5

1.4 Consultation Phase and Next Steps ....................................................................................... 5

1.5 Documentation ................................................................................................................... 6

2 Consultation overview ................................................................................................................. 7

2.1 Consultation Process ............................................................................................................ 7

2.2 The New Payments Architecture ........................................................................................... 8

2.2.1 Notable Response Themes ............................................................................................ 8

2.2.2 NPA Themes and Treatment Plans ............................................................................... 13

2.3 Collaborative Requirements and Rules for the End-User Needs Solutions............................... 17

2.3.1 Notable Response Themes .......................................................................................... 17

2.3.2 Themes and Treatment Plans ...................................................................................... 19

2.4 Implementation Plan .......................................................................................................... 25



2.5 Cost Benefit Analysis of the NPA ........................................................................................ 31



2.6 NPA Commercial Approach and Economic Models .............................................................. 33


2.7 Improving Trust in Payments .............................................................................................. 35

2.7.1 Notable Response Themes – Payments Transaction Data Sharing and Data Analytics...... 35

2.7.2 Themes and Treatment Plans – Payments Transaction Data Sharing and Data Analytics .. 36

2.7.3 Notable Response Themes – Trusted KYC Data Sharing ................................................ 37

2.7.4 Themes and Treatment Plans – Trusted KYC Data Sharing ............................................ 38

3 Appendices ............................................................................................................................... 39

3.1 Appendix 1 – Respondents to the Consultation ................................................................... 39

3.2 Appendix 2 – Consultation Response Analysis ..................................................................... 40

3.2.1 A New Payments Architecture .................................................................................... 40

3.2.2 Collaborative Requirements and Rules for the three End-User Solutions ........................ 48

3.2.3 Implementation Plan .................................................................................................. 83

3.2.4 Cost Benefit Analysis of the NPA ................................................................................. 87

3.2.5 NPA Commercial Approach and Economic Models....................................................... 90


2

3.2.6 Improving Trust in Payments ....................................................................................... 97

3.3 Appendix 3 – Improving Trust in Payments Solution Updates.............................................. 117

3.3.1 Liability Models for Indirect Access ............................................................................ 117

3.3.2 Guidelines for Identity Verification, Authentication and Risk Assessment ..................... 117

3.3.3 Customer Education and Awareness ......................................................................... 117

3.3.4 Financial Crime Data and Information Sharing ........................................................... 118

3.3.5 Enhancement of Sanctions Data Quality .................................................................... 118


3

1 Background1.1 The ForumThe Payment Strategy Forum (the Forum) was established in October 2015 by the Payment SystemsRegulator (PSR). It represents the first times those who have an interest in payments in the UK haveworked together to plan a future that meets the needs of all users, to close the needs gap, address enduser detriments, and unlock competition and innovation.

In November 2016, the Forum published its Strategy. It set out a bold vision for the future of UK retailinterbank payment systems.

Figure 1: Our vision and objectives

We chose seven principles to support our vision for the future, and address known detriments identifiedby the Payments Community.

Figure 2: Principles to support our vision


4

We identified five key challenges that needed to be addressed:

Figure 3: Key challenges to the UK payments industry

In our Strategy, we proposed:· The development and implementation of a New Payments Architecture (NPA) to introduce

effective competition between providers of payment services, composed of a layered structure tomake it easier for innovation to occur at a quicker pace. It will provide security, stability andresilience.

· The consolidation of the three main UK retail Payment System Operators: Bacs Payment SchemesLimited (BPSL), Cheque and Credit Clearing Company Limited (C&CCCL) and Faster PaymentsScheme Limited (FPSL) into a single entity – the New Payment System Operator (NPSO). TheNPSO will take ownership of the NPA design and implementation.

· A set of solutions to help prevent or reduce the impact of financial crime on users.

Building on the concepts outlined in our Strategy, we published a draft blueprint for consultation in July2017. This Consultation Assessment Report provides an overview of our final NPA Blueprint, theresponses to the consultation and how your feedback has been taken into account to shape the wayforwards.

1.2 The NPA in Alignment with our PrinciplesThe design of the NPA was led by the desire to enhance user experiences, address user detriments andprovide a platform for the UK to continue to be a global payments leader. Moving to a new modernarchitecture provides an opportunity to address historical problems of slow innovation, and theconcentration of ownership and control of payment systems.

The key design features of the NPA in alignment with our principles are:

· A layered approach with a ‘thin’ collaborative infrastructure to enable competition andinnovation.

· A single set of standards and rules with strong central governance.· Adoption of a common international messaging standard, ISO 20022, to enable access,

innovation and interoperability, in the UK and potentially for international connectivity.· Security and resilience, with financial stability as a key principle.


5

· The use of a technical ‘push payments’ mechanism to enable simplicity and increase customercontrol.

· Flexibility built into the design to support a range of existing and new end-user overlay servicessuch as Direct Debit, Request to Pay and Assurance Data including Confirmation of Payee.

The combination of a ‘thin’ centre, overlay services and interoperable standards provides the basis forfuture payment systems infrastructure to be more agile and flexible than what exists today whilemaintaining security, stability and resilience. It aims to drive competition and innovation across thepayments value chain in the interest of users. Where there is demand, there should be the ability tolaunch new services more quickly.

1.3 Improving Trust in PaymentsOur Strategy and solution design documentation propose solutions to engender user trust in safe andcertain payments through collaboratively preventing financial crime. Each solution looks to addressdetriments faced by consumers and payments community organisations.

We committed to consulting on a subset of solutions. In this document, we summarise the responses wereceived in consultation for Payments Transaction Data Sharing and Data Analytics, and the Trusted KYCData Sharing solutions. The responses allowed us to progress the solution proposals, updates arereflected in our final solution documentation that is in the final stages of handover to the NPSO and UKFinance.

For each solution, we plans in place to hand over ongoing solution activities to appropriate industrybodies. An update on the progress of the solutions not included in our July consultation can be found inthe appendix1.

1.4 Consultation Phase and Next StepsThe Strategy, NPA Blueprint and Financial Crime documentation are the culmination of over two years ofwork undertaken by individuals across the Payments Community. The Community has grown to over 650individuals, from over 350 organisations. The participation of these individuals and organisationsdemonstrates a significant level of collaboration and commitment from across the payments industry.These individuals have dedicated a significant amount of time alongside their full-time workloads at theirrespective organisations.

We would like to express our sincere gratitude to the payments community. This journey would not havebeen possible without their valuable ideas, insights, challenges, consideration and hard work.

We would also like to thank those individuals and organisations that provided responses to our twoconsultations. The insights provided have been invaluable in shaping our thinking and providingadditional insights into our solutions and plans.

We have analysed and acted on your feedback, which included reaching out to particular stakeholders forfurther clarification and sharing our updated thinking. This process has resulted in both this documentand the updated documents outlined in the section below. We also highlight areas where further work isrequired to forward our vision.

We have concluded that our approach and its technical viability were broadly supported by the PaymentsCommunity in both consultation responses and our follow-up work. We do however particularlyacknowledge the need for additional detailed design work on the unattended payments capability,especially Direct Debit. We thank the Community for helping us shape our thinking for this next phase ofactivity.

The ongoing design and implementation of the NPA is handing over to the NPSO, and the individualFinancial Crime solutions handing over to the NPSO and UK Finance, for these organisations to make thevision outlined in our NPA Blueprint and Financial Crime solution documents a reality, and to maintain thesame level of engagement with the Payments Community.

1 Appendix 3 provides an update on the progress and handover of our solutions that did not form part of the main consultation.


6

1.5 DocumentationTaking into consideration feedback from the consultation, updates have been made to the Forumdocuments.

The NPA Blueprint consists of the following documents:· NPA Design and Transition Blueprint· Collaborative Requirements and Rules for the End User Needs Solutions Blueprint· Request to Pay Technical Solution Blueprint· NPA Implementation Plan Blueprint· Cost Benefit Analysis of the NPA Blueprint· NPA Commercial Approach and Economic Models Blueprint· “Fresh Eyes” Risk Assessment

The Financial Crime documents are:· Payments Transaction Data Sharing and Data Analytics:

o Solution Scope and Governance Oversighto Solution Implementation Approach

· Trusted KYC Data Sharingo Standards Scope and Governance Oversighto Framework Implementation

· Financial Crime Information and Data Sharing: Solution Paper· Guidelines for Identity Verification, Authentication and Risk Assessment

o Executive Summaryo Guidelines Scope

· Liability Models for Indirect Access: Solution Paper· Enhancement of Sanctions Data Quality: Solution Paper· Customer Educations and Awareness: Solution Paper


7

2 Consultation overview2.1 Consultation ProcessThis consultation report summarises the responses to the 66 questions posed in our July 2017consultation paper on the “Blueprint for the Future of UK Payments”. In total, we received 48 responsesto the questionnaire from a wide range of stakeholders including consumer groups, businesses, tradebodies, infrastructure and software providers, Payment System Operators (PSOs), both bank and non-bank Payment Service Providers (PSPs), FinTech firms and individual experts. We received an additional 11letters in response to the consultation report. We are grateful to all those who took the time to provideinput into this process.

The responses were used to provide insights and to inform the development of the NPA Blueprint, withthe free-format comments being particularly useful. We undertook to respect the wishes of therespondents who regarded the information provided as confidential, to the extent permitted by law. Theresults shown in this consultation report are therefore presented in aggregate form only; no responseshave been individually identified.

Some judgement has been required to summarise some of the consultation results (e.g. where individualrespondents’ answers appeared contradictory, or where the organisation did not give a definitiveanswer).

The responses are categorised throughout this document by organisation types as outlined below.

Figure 4: Number of respondents per type of organisation

The analysis in this section has been sub-divided into the consultation subject areas and for each topic ispresented in two stages:

· Notable response themes. Summarising the overall message/s for that subject area together withour analysis of those responses and associated actions at a high level.

· Themes and treatment plans. An analysis of responses received on that subject, withcommentary as to how we have addressed the responses.

The appendix contains a question by question analysis of the responses received.

3

6 6

19

3 2

20

Consumer Corporate Government PSP SME Trade Body Vendor


8

The process undertaken to analyse the feedback from respondents to prepare themes, withcorresponding responses is outlined below.

Figure 5: Process to show how the final report was produced

As the diagram above shows, we processed the responses provided in questionnaire format to producethe statistics and graphs used in this document. The question narrative and responses in letter formatwere read and evaluated by our different workstream members, to produce updated designs andrecommendations. The quantitative and qualitative analysis was used to create this final ConsultationAssessment Report.

2.2 The New Payments ArchitectureOur work in 2017 built on our Strategy published in November 2016 by issuing the draft blueprint forconsultation in July, which set out a rationale, design and implementation approach for the NewPayments Architecture (NPA).

Consultation feedback has given us sufficient reassurance in the case for the NPA as a means to providesimpler access, ensure ongoing stability and resilience, encourage greater innovation and competition, aswell as to enhance adaptability and security to meet the needs of current and future generations ofpayment service users.

This architectural approach and its technical viability were broadly supported by the Payments Communityin both consultation responses and our follow up work. We do however acknowledge the need foradditional detailed design work on the unattended payments capability, especially Direct Debit.

2.2.1 Notable Response ThemesBelow we set out notable themes that emerged from the responses to this section of the consultation.We outline the responses received about centralised clearing and settlement, the move to a pushpayments mechanism and the requirement for further analysis for the implementation of Direct Debitusing a push payments mechanism. Finally we provide a high level overview of our proposed architecture,and identify areas where further analysis will be required during the next phase of design andimplementation.


9

2.2.1.1 Strong agreement with the recommended clearing and settlement option

During our July 2017 consultation, we discussed the merits and disadvantages of centralised anddistributed approaches to clearing and settlement. We recommended the centralised clearing andsettlement process as the preferred approach.

28 organisations supported the recommendation for a centralised clearing and settlement model, 2organisations did not and 18 did not state a preference. One respondent noted that in relation to clearingand settlement the views of the Bank of England will be paramount.

The 18 organisations who didn’t state a preference didn’t provide comments except for one. An existingPayment System Operator (PSO) stated that it was not possible to reach the right conclusion withoutrigorous testing and assessment, which is consistent with their broader response sharing the view thatmore analysis is needed.

Figure 6: Agreement with the recommended centralised clearing and settlement option

Having considered the responses we received, we believe that the centralised approach to clearing andsettlement remains the correct decision.

2.2.1.2 Mixed response to the move towards a push model

In the consultation paper, we recommended that a push only model would offer the advantages ofgreater flexibility and control, and a simplified payments approach through the use of one mechanism.We asked respondents whether they agreed with our recommendation to move towards a push paymentmechanism for all payment types.

20 organisations agreed with the recommendation of moving to a push mechanism, 17 disagreed and 11did not respond. The 17 organisations who disagreed with the proposition had one main concern – thefuture of Direct Debit within the UK’s payments ecosystem.

1

4 53 2 1 2

21

12

1

14

0

2

4

6

8

10

12

14

16

18


Yes No No answer


10

Figure 7: Agreement with technical 'push' payment mechanism

We would like to assure all parties that our intention is to ensure the continued operation of Direct Debiton the new payments architecture.

2.2.1.3 Further analysis required of adopting the push model for Direct Debits

Given our proposed move of all payment types to use a ‘push’ payment mechanism, we identifiedbenefits and challenges associated with this change. We asked whether the implications of making thismove to a ‘push’ payments model had been adequately captured.

10 organisations agreed that the implications of adopting a technical push payment mechanism wereadequately identified, 17 disagreed and 21 did not respond.

Examples of themes from the 17 organisations who disagreed are:

· A lack of detail around the proposed move towards a push payments mechanism, i.e. capturingthe implications of moving Direct Debits to a technical ‘push’ payment mechanism.

· A lack of sufficient engagement and assessment to fully understand the implications of adoptinga push model, particularly for those corporates and charities with a level of access to theinfrastructure.

1 13 2

42

1

8

1

5

24

6

1

7

0

2

4

6

8

10

12

14

16

18


Yes No No answer


11

Figure 8: The implications of adopting a push model

Since the publication of the consultation paper in July and the analysis of the responses from theconsultation we have undertaken the following additional work

· Continued engagement with Bacs through attendance of Bacs Affiliates sessions.

· Further clarification of the use of the push model, which has been reflected in the final NPABlueprint.

· Further engagement with respondents that expressed concerns to explain the technicalmechanism in greater detail.

· The analysis of the unattended payments requirements and design has started earlier thaninitially planned to allow longer to resolve the remaining concerns. The initial phase of analysis issummarised in the next two sections.

2.2.1.4 The development of the New Payments Architecture

Our proposed architectural approach envisages an evolution and enhancement of the existing UKinterbank retail payment schemes and systems, leveraging complementary industry initiatives such asOpen Banking.

The NPA will be underpinned by a single defined and simplified ISO20022 clearing and settlementcapability that processes the payments messages for all payment types and that the NPSO will run a singlecompetitive procurement to select the supplier(s) for this capability.

Existing and new services will be delivered by the market as competitive overlays – including Direct Debit.Whilst the NPSO is not expected to procure these, they will be responsible for the development andmanagement of the rules and standards for the overlay services.

The next section outlines further areas of investigation which have been identified. This work will betaken forward by the NPSO in collaboration with key stakeholder groups. The next level of design of theNPA and the timelines for these activities will be subject to the oversight of the NPSO. There will be anumber of design and proof points as part of the delivery governance model for the NPA to ensurealignment with the overall NPA architectural end goal and principles.

4

6

7

1

8

1

5

1

2

3

5

4

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Yes No No answer


12

2.2.1.5 Overview of areas for further detailed analysis

Our work since consultation, and further discussion with stakeholders has resulted in a list of key detaileddesign areas to focus on in more detail (see below). In particular and in common with many respondents,we recognise the importance that the payments industry places on Direct Debit.

The NPSO will be responsible for performing the next phase of design work for each of these key areas offocus. The result of this design work should be to determine the optimal solution for delivering thecurrent retail payments system operators’ products and services over the NPA that meets with regulators’requirements to enable competition, address customer detriments, limit disruption to service users, andensure stability and resilience.

I. Architecture & Payment Processing

· The role of the TPSP routing / validating / disaggregating payment files in place of retail paymentssystem operators.

· The control of CASS during the validation process that the TPSP is now handling.

· The impact of replacing Bacs “A-Messages” with a new interface e.g. amending mandates viathe existing ADDACS message.

· The potential clearing cycle for Direct Debits and Direct Credits.

· Identifying any additional detriments within existing retail payments system operators’ servicesthat need to be addressed during the service refresh.

II. Legal

· There will be a set of legal activities initiated by the NPSO in 2018 to assess the impact of theNPA on existing payment instruments, e.g. Direct Debit.

III. Service User Processes

· The role of the receiving PSP aggregating payment files instead of retail payments systemoperators.

· The impact of the reconciliation process for a large corporate and/or government department.

· The identification and process alignment for the Grade 3 government Direct Credit submitter.

· The economic and practical model for delivering services.

IV. Assurance

· As the design process moves through its stages, assurance and liability issues will be fullyconsidered to ensure that customer impact and system security and resilience remain intact.

V. Regulatory

· The ownership and control of retail payments system operators’ services, for example, ISAtransfer, Bulk redirection, Affiliate training, Service User audits.


13

2.2.2 NPA Themes and Treatment PlansTheme 1. Concern about the future of Direct Debit within the UK’s payments ecosystem.

A common theme amongst respondents was a concern as to the future usage of Direct Debit under theproposed NPA design. We have further expanded on the comments from respondents below, alongsideour response to what was said.

Themes Responses

· Direct Debits are being shut down. As stated on our website in October 2017, it isnot our intention to discontinue the use of DirectDebits.

Our analysis thus far indicates that Direct Debitcould be successfully implemented on the NPAusing a push payment, and this is our expectation.

· Uncertainty whether Grade 3 services willcontinue.

Direct Debits including grade 3 services will not beshut down and the NPA architecture can supportthem.

· Request to Pay (RtP) replacing DirectDebit.

Direct Debits will not be replaced by RtP.

RtP is intended to be a complementary product toDirect Debit.

· Significant operational and cost impactson service end users and bureaux.

· The impact on originators of paymentsand the approximately 130,000 directsubmitters to Bacs.

· Direct Debit is a proven working solutionand the move to a push-only paymentmodel having the potential to be highlydisruptive.

Third-party payment service provider (TPSP)delivered services are expected to ensure thatthere will be minimal impact on payment serviceusers and bureaux.

The Bacs eco-system is made up of end-users,several hundred bureaux and a small number ofsolution providers. Work is being carried out bythe NPSO and will continue into 2018 todetermine the impacts of moving to a push modelon the different market participants. This workintends to minimise any NPA generated impacts(recognising that regulations such as the revisedPayment Services Directive and General DataProtection Regulation will have an impact outsideof the NPA design).

Indications are that a number of TPSPs have seenthe opportunity and are preparing to deliver theseservices.

Activities:

In response to the comments received, we have undertaken the following activities:

· Clarifications have been posted on our website in October 2017 intended manage anymisunderstanding and give comfort on the future of Direct Debit and its relationship toRequest to Pay.

· Sessions have been held with multiple stakeholders to review the architecture and demonstratehow Direct Debit can function on the NPA. This detail is in the NPA Blueprint.

· Further work will be undertaken as identified in section 2.2.1.5


14

Theme 2. Respondents’ request for more analysis to adequately capture the implicationsof adopting a push model and in proving key aspects of the NPA.

Themes Response

· The need for more clarity around howDirect Debit will work on a push-onlysystem.

· The need for further analysis on thebusiness and technical implications ofadopting a push model.

· Demonstrating resilience and how theNPA will meet the Bank of England’sresilience imperative.

Further work has been completed to elaborate onthe functioning of Direct Debit on the NPA and isreflected in the NPA Blueprint. This will be furtherdeveloped by the NPSO as part of their delivery ofthe NPA.

· The potential impact of the revisedPayment Services Directive (PSD2) onmoving Direct Debit to a push model.

· Concerns about the impact on the legaland regulatory framework on Direct Debitof moving to a ‘push payment’ model.

· Determining the security arrangements,liability models and legal framework tosupport the concept of the NPA.

A review with the FCA on whether Direct Debitswill / will not be impacted by a move to a pushpayment model was completed, alongside aninformal legal view of the position.

We believe that Direct Debit can operate on thenew push payments mechanism within thecurrent legal and regulatory framework.

There is recognition that further work is requiredto establish the liability framework for the NPAwhich will be developed by the NPSO starting in2018, as described in section 2.2.1.5.

· The flexibility of the NPA to acceptadditional overlay services, for example‘Request to Accept’, where thebeneficiary can choose to accept or rejectan inbound credit.

The NPA layered architecture allows innovationand enables competition on the top layers.

· Alignment with other paymentprogrammes, e.g. demonstrating the useof ISO20022 interoperability based onlearnings from Open Banking.

· The possibility of utilising existinginvestment and infrastructure.

Careful planning is essential to ensure serviceresilience and best use of participants’ resources.The NPA will be delivered by a number ofcoordinated NPSO projects that will be subject toindustry standard governance and programmerigour.

A ‘map’ showing how industry initiatives, such asOpen Banking, enable the delivery of the NPA willbe finalised and added to the NPA Blueprint.

· The ability of the NPA to respond to theWhich? Super-complaint.

The NPA will only accept authorised payments atthe clearing layer. The clearing layer will includethe ability to integrate with Financial Crimetransaction analytics capabilities, to allowcompetitive development of solutions to helpaddress the Which? Super-complaint and betterenable financial crime prevention and detection.

· Communicating with multiple PSPs ratherthan one Automated Clearing House(ACH) would increase the complexity,cost and risk of a vendor’s product orservice.

Careful planning is essential to ensure serviceresilience and best use of participants’ resources.The NPA will be delivered by a number ofcoordinated NPSO projects that will be subject to


15

Themes Response

· Corporates expressed concern thatchanges will impact their systems.

industry standard governance and programmerigour.

· Concern about the NPA’s ability to beable to process payments originatedoutside the UK.

Currently, when payments originated outside flowinto domestic schemes, there is data loss part ofmessage translation. However, with NPA usingISO20022 data loss will be avoided, supportinginteroperability.

Activities:

In response to the comments received, we have undertaken the following activities:

· We have engaged the NPSO partners and affiliates through their existing stakeholderprogrammes in a number of workshops to establish detailed requirements for the NPA.

· The consultation document indicated that work was already underway and that more analysiswill be performed by the NPSO as part of its NPA delivery projects. These updates are reflectedin the NPA Blueprint.

· Further work will be undertaken as identified in section 2.2.2.· The NPA strawman implementation plan has been updated in the NPA Blueprint and the NPSO

will oversee the next level of details around the timelines.

Theme 3. Concerns that a layered architecture will compromise security.

Themes Response

· A layered model enables large numbersof new entrants which could introducenew security risks.

· Implementation of measures to preventpayment fraud.

The NPA is underpinned by a trust framework(similar to Open Banking) which is envisaged toensure that participants in the NPA are known,trusted and accredited before they can accessother layers and components of the NPA.

Activities:· The security framework to be developed by the NPSO in 2018.


16

Theme 4. Further analysis of the clearing and settlement deployment approach.

Themes Response

· Broad support for clear segregationbetween the clearing and settlementlayers.

· Further analysis on the clearing andsettlement deployment approach for theclearing layer is required, including howclearing and settlement mechanismswould work in principle and how theycan scale, both in terms of user numbersand performance demands givenanticipated growth.

Widespread support for a centralised clearing andsettlement model.

Further analysis to be performed by the NPSO onthe appropriate deployment approach for clearingand settlement.

Activities:

Detailed requirements and a vendor selection approach will be developed by the NPSO during 2018.

Consultation and collaboration with the payments community have been at the heart of our approachthroughout our work. We have carefully taken consultation responses and other feedback into account.

The NPA Design and Transition Blueprint has been updated, where appropriate, to show our responsesto feedback from the consultation.


17

2.3 Collaborative Requirements and Rules for the End-User Needs Solutions

There was widespread support for the end-user solutions and a general sentiment that they wouldaddress the detriments for which they were designed. There were, however, conflicting views on theConfirmation of Payee response approaches presented, which we have resolved through further analysisand discussion with stakeholders.

2.3.1 Notable Response ThemesIn this section we outline how the responses we received during the consultation have helped us toenhance our design for Confirmation of Payee.

2.3.1.1 Confirmation of Payee

Confirmation of Payee (CoP) will provide a payer with information to give them assurance that theaccount to which they are making the payment belongs to the intended payee. This will help to addressthe detriment associated with misdirected payments. The CoP response provided to the payer will beclear and unequivocal.

Figure 9: What is a misdirected payment?

Two approaches were proposed in the July consultation document:

1. Approach 1 – The payer is provided with an affirmative or negative confirmation on whether theaccount belongs to the intended payee.

2. Approach 2 – The payer is played back account information related to the sort code and accountnumber.

Among respondents, 41% preferred Approach 1 while 24% preferred Approach 2.

10 organisations did not prefer either approach.


18

Figure 10: Confirmation of Payee responses to approaches 1 and 2

In their responses, respondents outlined the advantages and disadvantages of each of the approachespresented.

Approach 1 (Matching) Approach 2 (Playback)

Advantages

ü Avoids sharing of personal datawith payer

ü Simplicity which would easeintegration with business rulesand systems*

ü Most useful to end-user

ü Easier to develop than Approach1

ü Increased transparency

Disadvantages

x Accurate match may provedifficult to obtain

x Minimal value-add to end-user incomparison to Approach 2

x Complexity of fuzzy logic and theliability associated with this on thepayee’s PSP

x Data protection and privacy is amajor concern

x Could expose accounts to otherpotential fraudulent activity andabuse

x Would need to operate through acentral database model to work

x Confusion, where the accountname fed back is different to therecognised name the payer, wasexpecting.

Following respondent feedback, a combined approach was identified that takes into consideration theadvantages of both approach 1 and 2 and addresses the cons highlighted.

41%

24%

35%Approach 1

Approach 2

Neither


19

Figure 11: Confirmation of Payee base standard design approach

More information about this design can be found in the NPA Blueprint – Collaborative Requirements

and Rules for the End User Needs.

2.3.2 Themes and Treatment PlansSeveral themes emerged from the consultation and are presented in this section.

2.3.2.1 Request to Pay

The Request to Pay solution had the majority of consultation questions. It also had the largest share ofresponses in comparison to the other EUN solutions. Most of the respondents expressed generalagreement and support for Request to Pay as designed in achieving the objectives for which it is wasconceived. That is, to increase flexibility, transparency and control for payment end-users.

Respondents also raised queries and highlighted areas requiring further analysis and consideration. Thesefocussed on several areas: the relationship between Request to Pay and Direct Debit; potentialoperational challenges especially for large corporates; impact on certainty of payment and cash flow,liability framework and fraud and financial crime considerations.

Each of these themes and our responses are presented in the table below. In addition, where needed, wehave outlined the activities we have undertaken to further develop Request to Pay in line with both theForum’s plan of activities and the responses received.

Themes Responses

1. Further clarity required on the relationshipbetween RtP and Direct Debit.· Some respondents requested greater

clarity on the relationship betweenRequest to Pay (RtP) and Direct Debit (DD)and how the payment extension optionas part of RtP would impact on the

RtP is a voluntary and complementary product toDirect Debit. The majority of respondentsindicated that while Direct Debit is their maininbound payment method, there is also a materialpotential segment of their customer base who, inour opinion, could utilise and benefit from RtP.


20

Themes Responses

certainty of payment. Some respondentsfelt that further articulation of liabilitythroughout the RtP chain would bebeneficial.

Activity:

· The NPSO will proceed with the rollout ofRtP in collaboration with the competitivemarket.

2. Further analysis required on the suitabilityfor RtP for recurring payments.· There was concern that payers would

need to authorise a recurring paymentevery cycle.

Where payers require infrequent control overrecurring payments we believe that thecompetitive market will provide enhancements tofulfil this demand over and above the core RtPdesign we presented; for example automatedresponses etc. We have validated this throughconversation with RtP providers.

Activities:

· This action will not be added to the coreRtP design.

· The NPSO shall encourage RtP providersto provide competitive enhancements inresponse to customer demand.

3. Request to Pay uptake.· A section of respondents expressed

concern on the uptake levels of RtP andthe associated business case.

There is market interest from multiple parties tooffer RtP on a competitive basis, which isevidenced by the existence of demonstrableprototypes.

Larger parties in the market have expressed awillingness to offer RtP but have concerns aboutthe cost of change.

In response to this concern, several marketproviders in their consultation response haveexpressed that they have solutions that wouldallow large players to integrate RtP with minimalchanges to their existing systems. This wouldreduce the cost of change.

Activity:

· We have worked with the NPSO toinitiate an engagement programme tobring together RtP users (payer andpayee) and service providers as part of thedelivery phase RtP with the aim to informthe next level of detail, drive engagementfrom an early stage with RtP’s user baseand increase uptake levels.

4. Potential operational challenge due toincreased communication resulting fromRtP.· Respondents observed that the increased

communication as part of RtP couldintroduce operational challenges, and a

There was a concern raised on changes tocorporate systems which we acknowledge. Severalvendors who responded saw an opportunity toprovide services that minimised the need tochange existing systems.


21

Themes Responses

level of change will likely be required onexisting legacy systems to integrate RtP.

Activity:

· Suggested approaches and designfeatures were incorporated into thecommon standard that minimisesbusiness challenges arising from increasedcommunication due to RtP, i.e. standardcommunication fields, automation.

5. Impact of RtP on the certainty of payment.· Further clarity required on how payment

extensions would relate to existingpayment penalty regimes, creditreporting, vulnerable customermanagement, debt management.

There was concern around certainty of payment.We were anticipating this concern to arise. Furtheranalysis was carried out on how RtP impactscertainty of payment and associated features suchas credit reporting, debt management etc.

Activities:

· Analysed how RtP impacts certainty ofpayment. Associated features have beenadded to the common standard.

· A whitepaper was produced on theimpact of Request to Pay on the certaintyof payment for payers. This has beenadded to the requirements and rules andis part of the NPA Blueprint.

6. Articulation of liability throughout the RtPchain is not clear.

Activities:

· A liability session was conducted with theparties that offered to review the liabilityframework we have defined.

· A workshop was held on 2nd November2017 with 26 representatives from thepayments community to identify Requestto Pay liabilities.

· The liabilities identified were documentedwith appropriate recommendations andrequirements.

7. Fraud and Financial crime considerations. Activities:

· As part of the liability discussions, thedesign features of Request to Pay wasalso explored to reduce the likelihood offraud and financial crime.

· This included recommending that Requestto Pay providers be accredited, ensuringthe technical infrastructure is robust andsecure for integrating Confirmation ofPayee. In addition, end-users should beeducated on how best to safely engageand utilise Request to Pay. Theserecommendations have been included inthe rules and standards.

We have produced and published the Request to Pay Technical Solution Blueprint.


22

2.3.2.2 Assurance Data

Assurance Data consists of 3 components: Real-time balance, Confirmation of Payee and Payment statusand tracking. The majority of respondents focussed on Confirmation of Payee and real-time balance.There was widespread support in particular for Confirmation of Payee, with most respondents expressinga desire to see it delivered as soon as possible.

In addition, respondents commented on the CoP approaches presented in the draft blueprint. Thisanalysis is provided in more detail in the appendix.

There were fewer observations on the remainder of the Assurance Data solutions: Real-time balance andPayment status and tracking. The summary of themes, our responses and associated activities arepresented in the table below.

Themes Responses

1. Real-time balance.· Many respondents mentioned that real-

time balance information is alreadyavailable.

The responses on real-time balance validated ourdecision not to carry out further work on thissolution and leave it to PSPs.

2. Confirmation of Payment Approach.· Response Approach: Most respondents

favoured Approach 1 for CoP. However, amajority of respondents pointed out thatboth approaches had disadvantages thatrequired addressing.

We have incorporated the feedback provided byrespondents and proposed an updated approachto CoP.

Activities:

· There is an update to the design of theCoP solution which has beenincorporated into the requirements andrules and handed over to the NPSO forimplementation. We recommend that aspart of the implementation of CoP,consideration is made to ensure thatincidences of false negatives and positivesare kept to a minimum. This is through acombination of end-user education andinterface design.

· This new approach is reflected in the NPABlueprint.

· This new approach has also been sharedwith HM Treasury, Payment SystemsRegulator and Which?

3. PSP Participation.· All PSP respondents with the exception of

one expressed that they would be willingto participate in CoP.

· They, however, expressed concern withthe fact that success was dependent onother PSPs participating and thus aconcerted level of coordination may berequired.

Activities:

· We recommend to the NPSO that acoordination mechanism is put in place toensure that the rollout of CoP achievesthe required levels of engagement andparticipation across the industry.

4. Regulatory Position.· Several PSPs requested clarification on the

regulatory position of CoP as well as how

· All account servicing payment serviceproviders' (ASPSPs) will have to respond


23

Themes Responses

this is being coordinated with theongoing response to the Which? super-complaint.

to requests for Confirmation of Payeefrom other ASPSPs.

· The offering of CoP to customers iscompetitive in the market.

· The PSR could mandate Confirmation ofPayee should it deem it appropriate andnecessary.

Activity:

· Which? and the PSR were engaged onthe super complaint and its interlock withthe PSf’s work on Confirmation of Payee.We recommend that the NPSO continuesthis engagement with Which?

5. Payment status tracking.· Respondents agreed with our conclusion

that payments status tracking is highlydependent on the underlyinginfrastructure supporting tracking.

· Respondents highlighted the need toensure additional considerations aremade in the next phase ofimplementation. In particular, dataprivacy implications that may arise andthe need to balance off theimplementation cost of real-timeinformation presentation against thebenefit accrued to the end-user. In someinstances, the end-user may not need aninstant receipt of the information.

Requirements around payment status trackinghave been included in the design of the NPA.

Activities:

· No further changes to be made to thedesign. This will be handed over to theNPSO to progress to the next stage ofimplementation.

2.3.2.3 Enhanced Data

Enhanced Data is the 3rd of the end-user needs solutions. Respondents expressed a general agreementwith the use cases and benefits presented. In addition there was general agreement with the designpresented which relies heavily on utilising the ISO 20022 messaging standard, and integrating theEnhanced Data capability into the core NPA design.

Respondents pointed out the need to progress the design to the next level of detail, with a focusespecially on Data security, privacy and protection. A majority cited GDPR as a key area of focus.

The main theme and resulting actions are summarised below:

Themes Responses

1. Uses and benefits.· Respondents largely echoed the

uses/benefits outlined. Improvedreconciliation of payments was the mostfrequently cited use.

A deliberate action was taken to leave thedefinition of enhanced data at a high level due tothe high level of dependency on the NPA detaileddesign and the other related projects such asRTGS.

Activity:


24

Themes Responses

· They called for further development onagreement on security, data protection,storage standards and GDPR compliance.

· The NPSO is leading the definition of thenext level of detail, for example dataschema, data fields, control and securityas part of the NPA delivery incoordination with other ongoinginitiatives like the Bank of England’srenewal of the Real Time GrossSettlement system (RTGS) and thereplacement of Faster Payments and Bacs.

The Collaborative Requirements and Rules for the End User Needs Solutions Blueprint has beenupdated, where appropriate, to show our responses to feedback from the consultation.

We have produced and published the Request to Pay Technical Solution Blueprint.


25

2.4 Implementation PlanBased on the assessment of the current and future industry landscape, there is general agreement withthe principles and assumptions supporting the implementation plan for the NPA, the high-level timelineproposed sequencing and transition approach.

Several respondents however observed that the timeline is too ambitious. Some felt that Direct Debitsshould be migrated separately. The timeline has therefore been modified as part of the post-consultationactivities and this strawman timeline can be found in the NPA Blueprint.

The majority of respondents felt there were additional risks not captured within the consultation paper,and we have acted on this feedback by performing a detailed risk review, which will be handed over tothe NPSO. Most of these risks were already reflected in the detailed documentation.

2.4.1 Notable Response ThemesBelow we set out notable themes that emerged from the responses to this section of the consultation.We outline the responses received about the high level timeline, and present a revised indicative timeline.We also provide an update on our proposed indicative timelines for Confirmation of Payee and Requestto Pay implementation.

2.4.1.1 Broad agreement with the sequencing of the NPA implementation, feedback onhigh-level timetable addressed.

26 organisations are, in principle, supportive of the sequence of events in the NPA implementation plan.7 did not agree and 15 organisations did not respond.

Figure 12: Agreement with sequence of events in NPA implementation plan

17 organisations agreed with the high-level timetable in the NPA implementation plan, 13 did not agreeand 18 did not respond.

Key observations included:

· The transition approach and timetable are key matters for the NPSO to develop in more detail,taking into account other external developments and dependencies e.g. the BoE RTGS renewal,PSD2 and Open Banking.

· It might be prudent to set an industry “Go / No Go” decision in 2019 to manage the concernsaround slippage of hard dependencies.

9

1

10

4

2

3

1

1

2

4

1

5

1

3

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Yes No No answer


26

Figure 13: Agreement with the high-level timeline

2.4.1.2 Revised indicative timeline

The revised indicative timeline (Figure 14 below) centres on the delivery of the core Clearing andSettlement layer to support the overall NPA architecture. Consultation responses were broadly supportiveof the suggested event sequencing. Of the 30 respondents that expressed a view, 17 agreed with theoverall timeline. The feedback confirmed that examination of the next level of detail will be an importantstep for the NPSO to undertake to further inform the industry.

The timeline presentation has been simplified, especially with regards to the delivery of the Clearing andSettlement layer. The delivery of this layer has been extended by six months to give greater time foranalysis and reflect some concerns expressed around the tightness of the delivery schedule. We alsoadded more clarity on the governance activities that NPSO will undertake as part of the NPA delivery.

Through the next level of design, the NPSO will refine the plan to reflect greater detail for additionalservices and activities. This phase of activity will consider the wider impacts on, and expectations of, keystakeholder groups such as PSPs, Vendors and Corporates for these activities including the developmentof overlay services.

Work has continued in collaboration with the NPSO to further develop the schedule of activities. Therevised indicative timeline illustrates that the preparation activity has commenced within the PSOs toprovision a Clearing and Settlement architecture layer agnostic to the different payments and servicesthat will be dependent upon it. The schedule does not identify specific commercial negotiation points orperiods as that is for the NPSO to determine.

Within the updated NPA Blueprint we have referred to the detailed activity being undertaken todetermine how the products and services will be supported in the architecture. The broad governanceactivities shown in the revised indicative timeline illustrate the areas requiring consideration by the NPSOenabling the whole industry to transition, whilst ensuring the stability of the UK payments environment.

The NPA Blueprint also contains indicative timelines for the implementation of Request to Pay andConfirmation of Payee (see Figures 15 and 16 below) to address the end user detriments at the earliestopportunity independently of the NPA within the competitive market.

13

1

7

1 13

4

1 1

7

24

66

0

2

4

6

8

10

12

14

16

18


Yes No No answer


27

Figure 14: Revised indicative timeline

2.4.1.3 Indicative Request to Pay timeline

The Forum has continued to work on the timeline for Request to Pay, exploring the interlock with OpenBanking and adding more detail to arrive at the schedule below. We have worked with the emergingNPSO organisation to develop a set of activities that reflect the likely path to market-readiness of aRequest to Pay capability.

The indicative timeline reflects that:

· The NPSO will define the API specification based upon which PSPs will build Request to Payrepositories and end-user applications.

· Request to Pay will be delivered on existing payment infrastructure with the intention oftransitioning it over to the NPA.

· The NPA will deliver the Enhanced data capability required to attach data to payments initiatedvia Request to Pay.

· The NPSO to conduct a review in Q4 2018 to determine market readiness to deliver Request toPay.


28

Figure 15: Indicative Request to Pay timeline

2.4.1.4 Indicative Confirmation of Payee implementation plan

The Forum has continued to work on the solution for Confirmation of Payee (CoP), resulting in the newsolution (as described in the NPA Blueprint – Collaborative Requirements and Rules for the End UserNeeds). We have worked with the emerging NPSO organisation to develop a new solution and approachfor CoP. This updated solution and the associated plan below has been developed and shared withstakeholders to factor in the appropriate drivers and dependencies relevant to the delivery of CoP.

The indicative timeline reflects that:

· The NPSO will define the API specification based upon which PSPs and vendors will build theAPIs.

· CoP is dependent on PSPs configuring their customer channels e.g. online banking portals.

· There is a dependency on the Open Banking API framework and the NPA to provide theminimum common infrastructure e.g. API directory.

· The NPSO will conduct a review in Q4 2018 to determine market readiness to deliverConfirmation of Payee.


29

Figure 16: Indicative Confirmation of Payee timeline

2.4.2 Themes and Treatment PlansThemes Responses

1. Implementation plan principles andassumptions.

Activities:

In line with respondents’ suggestions,amendments have been made to theimplementation plan principles and assumptions,such as:

· Strengthening the wording around theprinciple of retaining resilience andstability of the system.

· Adding an assumption to clarify that RtPwould operate alongside andcomplement Direct Debit rather thanreplace it.

· Adding an assumption that processeswould be put in place to keep data insync between legacy and new systems(e.g. Current Account Switch Service).

2. Implementation timeline, sequencing andtransition approach.

The implementation timeline initially proposed inthe consultation document has been updatedafter collaboration with the NPSO which reflectsthe procurement process they intend to use todeliver NPA. The feedback on the consultation hasbeen taken on-board in this process.


30

Themes Responses

Activities:

· An updated timeline incorporatingrespondent feedback, which is reflectedin the NPA Blueprint.

· Ongoing additional engagement workwith small and medium enterprises thatwill be continued by the NPSO till Q12018.

· Ongoing targeted meetings withrespondents to respond to concerns andaddress challenges to the approach thatwill be continued by the NPSO till Q12018.

3. Implementation risks.· The majority of respondents felt there

were additional risks not captured withinthe consultation paper.

· Confusion over Direct Debit led toresponses from SMEs / corporates thatany significant changes would be a risk totheir business.

Activities:

· Additional risks and mitigating actionshave been incorporated into the NPABlueprint, which will be handed over tothe NPSO.

· Clarification on Direct Debit in the NPABlueprint and are also described in thearchitecture section of this document(Section 2.2).

The NPA Implementation Plan Blueprint has been updated, where appropriate, to show our responsesto feedback from the consultation.


31

2.5 Cost Benefit Analysis of the NPAThe cost assumptions were challenged by several respondents as being too low. The respondents’observations were that some costs seem to have been excluded, for example, end-user costs, testing andlegacy systems retirement. Some respondents noted that benefits were not quantified or stressed, e.g.enhancement of competition, improved macroeconomic outcomes and societal benefits. We havetherefore updated the model with the additional information we received from respondents for the costsand benefits, and updated the NPA Blueprint accordingly.

2.5.1 Notable Response ThemesBelow we set out an analysis of the responses we received during consultation regarding the costassumptions associated with the NPA cost benefits analysis.

2.5.1.1 NPA cost assumptions

With regards to the cost assumptions within the business case, 9 organisations agree, 21 organisationsdo not agree but have not provided alternative figures and 18 organisations did not provide a response.

Figure 17: Responses to the NPA cost assumptions

A variety of explanations were provided with regards to the cost assumptions. Some of them are:

· Costs and timeline of construction and dual-running phase

· The estimate for PSPs appears to be low. PSPs will need to build or procure ISO 20022 gatewayservices and will also need to make a substantial change to their internal payments infrastructureand potentially customer channels.

· The estimate for building the new Clearing and Settlement appears low, considering thecomplexity of building this to cope with several schemes, to be payment type agnostic and giventhat it is not something that has been carried out before in the UK.

Despite the challenge on the costs no party has suggested the business case is untenable.

We contacted the 22 organisations that did not agree with the proposed costs (21 thought the costswere too low, and 1 believed the costs were too high). On the basis of re-engagement, we have reviewedall new inputs. Using the data available, we have concluded to keep the costs broadly the same on thefollowing basis:

· Costs will be based on implementation within the API Open Banking ecosystem and these will beless than those of historical implementations.

4

3

2

8

1

1

7

2

2

4

1

1

7

1

3

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Yes No No answer


32

· Whilst it is acknowledged there have been cost overruns in some other similar developments inthe industry, this should not be reflected in the cost estimates as these would, therefore, beartificially inflated.

· More detailed work is needed before an updated cost model for implementation can bedeveloped, without more detail and an additional set of facts, changes applied at this stagewould be overly subjective.

· Similarly, any further development of alternative industry scenarios at present would add littlevalue.

2.5.2 Themes and Treatment Plans

Themes Responses

1. Cost assumptions challenged. The costs reflect the industry data points obtainedduring the analysis phase of the CBA.

Activities:

· The respondents who challenged thecosts were contacted and requestedassistance in providing additional datapoints.

· Where data was offered, face to facesessions were held to discuss the figuresprovided and capture underlyingassumptions.

· These sessions did not yield significantnew data points to materially change theCBA.

2. Benefits quantification questioned. Significant qualitative benefits were listed in the‘Blueprint for the Future of UK payments’published in July. Where the benefits couldreasonably be justified and are of scale they wereincluded in the cost benefit analysis.

Activities:

· The benefits suggested by therespondents have been reviewed. Whereappropriate, the NPA Blueprint has beenupdated to include the relevant analysis.

3. Alternative Industry Minimum challenged.· Challenges were made to the agreed

Alternative Industry Minimum position,specifically around the exclusion ofRequest to Pay and Assurance Data.

We believe the Alternative Industry Minimum setsout the most credible counterfactual position andhence it remains unchanged.

The Cost Benefit Analysis of the NPA Blueprint has been updated, where appropriate, to show ourresponses to feedback from the consultation.


33

2.6 NPA Commercial Approach and Economic ModelsThere is broad agreement from respondents that there was sufficient analysis on Commercial Approachand Economic Models to present a series of frameworks to help the NPSO assess funding options, presentassessment criteria, identify pre-requisites for the adoption of new solutions and outline finding optionsfor the New Payments Architecture. We have updated the NPA Blueprint with further suggestionsprovided by respondents where appropriate.

2.6.1 Themes and Treatment Plans

Themes Responses

1. Competition existing in payments.· 85% of organisations agreed that the

competition framework adequatelycaptured the types of competition thatmay exist in payments.

There are suggestions made by respondents thatthe NPSO should consider as it evolves to assumeits role in the market:

· The provision of greater clarity aroundregulatory requirements for TPSPs.

· The ability for infrastructure providers toprovide overlay services.

· From a competitive perspective, the NPSOfocussing on scoping requirements andaccrediting participants in ways whichmaximise the opportunity to promotecompetition and deliver positiveoutcomes for end-users.

· The NPSO developing a range of productofferings extending beyond the narrowlandscape of the NPA processing model.

· Exercising greater control over the “forthe market” vendors.

· The impact on downstream competition(including accessibility, efficient pricing,and low prices for end-users) be takeninto consideration.

2. NPA competition categories.· 90% of organisations agreed with the

NPA competition categories whilst only 2vendors disagreed.

· Only one made further suggestions andstated that the impact on downstreamcompetition (including accessibility,efficient pricing, and low prices for end-users) be taken into consideration.

3. Roles the NPSO could play in the market.· 81% of organisations agreed with our

framework that captured the dynamicroles the NPSO could play in the market.

4. NPA competition assessment.· 92% of organisations agreed with this

analysis.

5. Criteria to assess funding options.· 50% of organisations who responded

made suggestions for other importantcriteria to be used to assess fundingoptions.

6. End User Needs Solutions.· 9 respondents disagreed with our

assessment of the End User NeedsSolutions, out of a total of 24.

Further suggestions for the NPSO to consider:

· The provision of guidance onimplementation roadmap and synergieswith PSD2 and Open Banking.

· The operational structure of an NPSOsubsidiary, the roles of marketparticipants as funders and not-for-profitinitiatives of the NPSO.

7. Funding stakeholders.· 6 respondents disagreed with our

assessment of the funding stakeholders,out of 21 replies, however, theirsuggestions link to the structuring of thefunding (e.g. funding for the rail,integration or innovation to be separated


34

Themes Responses

out) rather than the stakeholdersthemselves.

· Clarity on the role of Government,existing guarantors and a ‘Pay to play’model.

8. Funding instruments.· 9 respondents disagreed with our

assessment of the Funding instruments,out of 20 replies. Respondents’ alternatesuggestions are mostly covered by thecontent of the NPA Blueprint detaileddocument for the Commercial andFunding Approaches section.

Activities:

The following topics have been added to the ‘Commercial Approach and Economic Models Blueprint’:

· Tax implications

· Fee caps for consumers

· Back up / contingency plan

· Interoperability concerns

· Anti-competitive restrictions

· Clarify market participants

· Not for profit focus of the NPSO

The NPA Commercial Approach and Economic Models Blueprint has been updated, whereappropriate, to show our responses to feedback from the consultation.


35

2.7 Improving Trust in PaymentsRespondents were supportive of both of our Improving Trust in Payments solutions, Payments TransactionData Sharing and Data Analytics, and Trusted KYC Data Sharing, that were presented in the consultationdocument. Of all respondents, 37 answered at least one question from Section 6 covering the ImprovingTrust in Payments solutions. The statistics and analysis within this section relate to those 37 respondents,in addition to the commentary from the 11 organisations that sent letters.

The information gathered through consultation was used to update our solution designs; more details ofthese updates can be found below. An update on the other Improving Trust in Payments solutions can befound in Appendix 3.

2.7.1 Notable Response Themes – Payments Transaction Data Sharing andData Analytics

Respondents were supportive of the Payments Transaction Data Sharing and Data Analytics solution.

Emphasis was placed on maximising the solution’s potential by considering:

· The inclusion of virtual currencies where possible

· The inclusion of payment initiation instructions, prior to PSP involvement

· Cross-industry benefits, in particular, usage by government, law enforcement and securityservices

Figure 18: Agreement with the key principles outlined

2

7

1 13

1

3

11

1

6

1

9

0

2

4

6

8

10

12

14

16

18

Corporate Government PSP SME Trade Body Vendor

Yes Undecided No answer


36

Figure 19: Agreement with the high-level timeline

2.7.2 Themes and Treatment Plans – Payments Transaction Data Sharingand Data Analytics

Themes Responses

1. Additional suggested participants wereprovided for the proposed categories.

· We will include a key requirement toensure that support is provided for futureparticipant categories and developmentsin the payments industry.

· We will also include reference toappropriate controls and governance inthe scope and governance document,such that only valid participants will haveaccess to the data sharing andtransactional analytics strategic solutionand this will be based on their agreedneeds.

· A specific requirement to ensure strongdata privacy protections are in place aspart of the strategic solution will beincluded.

· Specific requirements will be included inthe scope and governance documentregarding the pricing and funding model.

· Additional stakeholders suggested byrespondents will be reviewed andincluded in the scope and governanceand implementation document asappropriate.

2. Respondents suggested that participantcategories should be scalable and flexible tosupport future participant types that mayemerge.

3. Positive views were expressed for theinclusion of non-payment industryparticipants.

4. Examples given of legislation and controlsto be considered were:

· GDPR

· Proceeds of Crime Act

· Money Laundering Regulations

· The SARS review

· 4th Anti Money LaunderingDirective

5. Some respondents strongly advisedconsulting with the InformationCommissioner’s Office when designing thesolution due to the data privacy issuesraised by the sharing of data.

2

9

1 1 11

3

1

52

4

7

0

2

4

6

8

10

12

14

16

18


Yes No No answer


37

Themes Responses

6. A need was expressed that the pricing andfunding model for the solution is equitablebetween all participants of the service.

7. Additional stakeholders were suggested byseveral respondents.

We have published the following documents for the Payments Transaction Data Sharing and DataAnalytics solution:

· Solution Scope and Governance Oversight

· Solution Implementation Approach

2.7.3 Notable Response Themes – Trusted KYC Data SharingA clear majority of respondents are supportive of the proposed KYC Data Sharing solution.

Emphasis was placed on maximising the solution’s potential by considering:

· The creation of a longer-term strategic view on all aspects of KYC registration and data sharing(both from a domestic and international perspective) given the number of inbound andoutbound payment transactions from/to non-UK payment addresses.

· While UK Finance, PSR and NPSO are mentioned as potential candidates as a governance body, asimilar number of respondents think a new governance body needs to be created.

Figure 20: Agreement with the establishment of the recommended framework

1

8

1

41

3

2

1

8

11

6

0

2

4

6

8

10

12

14

16

18


No answer No Yes


38

2.7.4 Themes and Treatment Plans – Trusted KYC Data SharingThe significant majority of respondents agreed with the approach to the solution implementation andscope. In some cases, respondents did highlight areas where additional details and consideration may bebeneficial, including:

Themes Responses

1. Liability models for reliance when decisionsare made based on sharing incorrect orunverified data, particularly under acommercial agreement.

In response to the comments made byrespondents, the following will be actioned:

· The recognition of the potential of thesolution beyond the SME segment is avery positive response. The positionremains that the solution should initiallybe developed for the segment where webelieve the greatest need and detrimentsare not currently being addressed by themarket. Future development may expandthe solution focus once it has beenproved with SMEs.

· Further analysis of the liability model willbe developed to cover the scope of thestandards covering data sharing andexchanging.

· The solution documentation will beenhanced to include an expanded set ofgovernance body responsibilities;customer education, oversight of industryguidance, complaints handling andreview procedures, as well as monitoringof the commercial environment amongstsolution participants.

· The recommendation is that a set ofcriteria should be developed to assess theongoing need and future demand of thetest environment and periodicallyreviewed to determine if the environmentshould remain available for new entrantsto participate.

As per the solution design, the data sharingstandards must take into account both existingand known upcoming legislation, with amechanism to adapt as necessary in future. Inadvance of the standards development a detailedassessment of the impact of GDPR should bemade to determine the impact of their definition.

2. Respondents saw the potential benefit thatcould be gained from expanding the marketfocus beyond SME KYC.

3. Expansion of governance bodyresponsibilities to include customereducation, production of industry guidance,and complaints handling, as well asensuring the solution remains accessible tonew entrants commercially.

4. The ongoing importance of the temporarytesting environment to promotecompetition and innovation.

5. GDPR and other legal considerations, wheresolution standards will need to align withupcoming legislation to ensure customerdata is shared and processed correctly.

We have published the following documents for the Trusted KYC Data Sharing solution:

· Standards Scope and Governance Oversight· Framework Implementation


39

3 Appendices3.1 Appendix 1 – Respondents to the ConsultationWe are grateful to the parties below for their time and input to the consultation process:

1. Accenture

2. Answer Digital

3. Association of Independent Risk &

Fraud Advisors (AIRFA)

4. Bacs

5. Barclays

6. Bluechain Payments

7. Bottomline Technologies

8. British Retail Consortium

9. Capita Asset Services - Shareholder Solutions

10. CBI

11. CBI & BT

12. Cenerva

13. Citizens Advice

14. Clydesdale Bank PLC

15. Cognizant Technology Solutions

16. CORVID PayGate Ltd

17. Dept For Work and Pensions

18. Dovetail

19. Driver & Vehicle Licensing Agency (DVLA)

20. DST Systems

21. Eazipay Ltd

22. equensWorldline

23. Experian Limited

24. Fair Isaac Inc (FICO)

25. Finance and Leasing Housing

26. Financial Services Consumer Panel

27. Finastra

28. FIS

29. FSB

30. Government Banking

31. HMRC

32. HSBC

33. Icon Solutions (UK)

34. J.P.Morgan

35. Kalypton

36. LBG

37. Metro Bank

38. My Zone

39. National Trading Standards Scams Team

40. Nationwide

41. NS&I

42. Open Banking

43. Paypoint

44. Paysafe Group PLC

45. RBS

46. Santander

47. SETL

48. SWIFT

49. techUK

50. The Ely Fitness Company Ltd

51. Tisa

52. TransferWise

53. Transpact

54. TSB

55. UK Finance

56. Virgin Mobile Telecoms Limited

57. Virgin Money

58. Vocalink

59. Which?


40

3.2 Appendix 2 – Consultation Response Analysis59 organisations responded to the consultation on the future of UK payments, with 48 having completedthe consultation questionnaires and 11 sending letters with comments on specific topics. Outlined is theprocess undertaken to analyse the feedback from respondents to prepare themes, with correspondingresponses.

3.2.1 A New Payments ArchitectureQuestion 1.1 ResponseDo you agree with our recommendation to movetowards a ‘push’ payment mechanism for allpayment types?

20 organisations agreed with therecommendation, 17 disagreed and 11 did notrespond.

1 13

242

1

8

1

5

24

6

1

7

0

2

4

6

8

10

12

14

16

18


Agreement with 'push' payment mechanism

Yes

No

No answer


41

o The 17 organisations who disagreed with the proposition to move to a push mechanism had onemain concern – the future of Direct Debit within the UK’s payments ecosystem.

o Some concerns were highlighted:

o Direct Debit being a proven working solution and the move to a push-only paymentmodel having the potential to be highly disruptive.

o The potential shift of monetary liability to the customers away from banks, through theeradication of Direct Debit.

o The potential for consumers to be unable to distinguish between Request to Pay andDirect Debit.

o The potential need for re-authorisation of push payments every 3 months and theensuing complexity for the customer.

Question 1.2 RespondentsIn the proposed transition approach it is expectedthat Third Party Service Providers including currentindependent software providers, bureaux andgateway providers will update their systems toenable existing payment formats to continue tooperate with no or limited negative impact on thecurrent users of services such as Direct Debit.As a PSP or TPSP, do you agree we have identifiedthe implications of adopting a push modeladequately?

10 organisations agreed with that we haveadequately identified the implications of adoptinga push model, 17 disagreed and 21 did notrespond.

Themes from the 17 organisations who disagreed:

o A lack of detail around the critical change to move towards a push payments mechanism, e.g.capturing the implications of moving DDs to a ‘push’ payment model.

o Lack of sufficient engagement and assessment to fully understand the implications of adopting apush model, particularly for those corporates and charities with a level of access to theinfrastructure.

4

6

7

1

8

1

5

1

2

3

5

4

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Agreement with implications of adopting a push model

Yes

No

No answer


42

Suggestions for further analysis are:

o The impact on originators of payments and the approximately 130,000 direct submitters to Bacs.

o The true costs of the movement to a push payment mechanism for all parties (not sufficientcaptured in the CBA section).

o The advantages and disadvantages to parties including PSPs and TPSPs.

o The status of the cultural and business readiness to ensure a successful change in the paymentsindustry and its users.

Question 1.3 RespondentsAs a potential vendor, participant or user of theNPA, are there any other design considerationsthat should be included in the NPA, especiallywith regards to considering the needs of end-users?

Out of the 48 organisations who responded to thequestionnaire, 7 indicated there were no moredesign considerations to be included, 35 indicatedthat there are other design considerations thatshould be included in the NPA, and 6 did notprovide a response.

Suggestions of design considerations that should be included in the NPA include:

o Synchronous and asynchronous processing, single and bulk payments and 24/7 submission.

o Focus on non-technical aspects, e.g. Financial Inclusion.

o Consideration around how end-users access payment history or use their existing accountreference information when they move PSP account providers (i.e. Current Account SwitchingService).

o Implementation of measures to prevent payment fraud.

o Consumer protection for Request to Pay.

o Availability for real-time data for both payer and payee.

o Advance notifications of bulk submissions (equivalent to Bacs Direct Credits).

o Flexibility of the NPA to accept additional overlay services, e.g. ‘Request to Accept’, where thebeneficiary can chose to accept or reject an inbound credit.

12

12

1

33

13

2 1

12

1 2

22

0

2

4

6

8

10

12

14

16

18


Design considerations

No more designconsiderationsshould be included

Other designconsiderationsshould be included

No answer


43

Question 1.4 RespondentsThe nature of the layering approach enables newcomponents to be added or updated with minimalimpact on components in other layers. We believethis will support greater levels of competition andinnovation especially in the upper layers of theNPA.In your view, as a vendor or service provider, willlayering the NPA in this way simplify access andimprove your ability to compete in the UKpayments market?

Out of the 48 organisations who responded to thequestionnaire, 25 agreed, 5 disagreed, and 18 didnot provide a response.

Respondents highlighted points to be cautious of with regards to the layering approach:

o Careful planning and execution required with regards to the complexities of the layeredapproach and the need to align component, integration and end to end testing.

o Communicating with multiple PSPs rather than one Automated Clearing House (ACH) wouldincrease the complexity, cost and risk of a vendor’s product or service.

Question 1.5 RespondentsWith the recommended centralised clearing andsettlement option, as a participant or vendor whois accessing or delivering the clearing andsettlement service, do you think:

a. We have reached the right conclusion inrecommending this option?

A positive response from 28 organisationssupporting the recommendation for a centralisedclearing and settlement model. 2 organisationsdisagreed and 18 did not state a preference.

4

2

5

3

3

1

2

2

1

10

2

10

1

2

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Will layering the NPA in this way simplify access and improve your ability tocompete?

No answer

No

Yes


44

o One respondent that didn’t agree with the centralised approach stated simply that in relation toclearing and settlement the views of the Bank of England will be paramount.

o The 18 organisations who didn’t state a preference didn’t provide any comments except for one.An existing Payment System Operator (PSO) stated that it was not possible to reach the rightconclusion without the rigorous testing and assessment, which indicates they would like moreanalysis to be done on this topic.

Question 1.5 RespondentsWith the recommended centralised clearing andsettlement option, as a participant or vendor whois accessing or delivering the clearing andsettlement service, do you think:

b. The right balance of managing risk versuscompetition has been achieved?

23 organisations agreed that the right balance ofrisk versus competition was achieved, 3organisations disagreed and 22 did not respond.

1

4 53 2 1 2

21

12

1

14

0

2

4

6

8

10

12

14

16

18


Agreement with the recommended centralised clearing and settlementoption

Yes

No

No answer


45

One respondent highlighted the key risk area is settlement risk and not competition or operational risk.Having a single infrastructure creates significantly high operational risk. Using a hybrid model delineatingclearing from settlement achieves the best balance.

Another indicated that the system should avoid the limitations in the settlement frequency and availabilityof today’s payment systems.

The PSR, in its June 2017 Infrastructure Review Final Remedies report, stated “we intend to take anyfurther steps required to apply this remedy to the new consolidated entity [NPSO], as appropriate, havingregard to the circumstances at the time, to ensure it competitively procures any future centralinfrastructure that is required.” With this in mind, the clearing and settlement layer should be developedin such a way that minimises any associated transition risk.

11

1

10

1

2

1

3

1

2

6

5

4

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Agreement with the balance of managing risk versus competition

Yes

No

No answer


46

Question 1.6 RespondentsDo you agree with our analysis of each of theclearing and settlement deployment approaches?

23 organisations responded positively that therewas the right level of analysis into both single andmulti-vendor deployment approaches, 2organisations disagreed and 23 organisations didnot respond.

o An existing Payment System Operator (PSO) and a large PSP stated that they won’t have a viewuntil further analysis is performed into both approaches.

o 20 organisations indicated their preference:

o 11 organisations preferred the single deployment option stating a balance between riskand control benefits.

o 9 organisations favoured the multi-vendor deployment option for reasons such as thevolume of payments growing or if contracting was enabled between participants andinfrastructure providers without recourse to a central body.

1

4 57

2 13

21

10

1

11

0

2

4

6

8

10

12

14

16

18


Agreement with our analysis of each clearing and settlement deploymentapproaches

Yes

No

No answer

11

9

Preference for single or multi vendor approach

Single Multi


47

Question 1.7 RespondentsAs a vendor of services in any layer of the NPA, doyou think that more work is required to prove anyof the main concepts of NPA before embarking onthe procurement process?

20 organisations would like more work to bedone to prove some of the NPA concepts, 8organisations were happy not to carry any furtherwork and 20 organisations did not have a viewnor commentary to share on this topic.

Main reasons for wanting further analysis were as follows:

o Demonstrating alignment with other payment programmes, e.g. demonstrating the use ofISO20022 interoperability based on learnings from Open Banking.

o Additional analysis around how clearing and settlement mechanisms would work in principle andhow they can scale, both in terms of user numbers and performance demands given anticipatedgrowth.

o Demonstrating resilience and how the NPA will meet the Bank of England’s resilience imperative.

o Utilising existing investment and infrastructure, where possible.

o Determining the security arrangements, liability models and legal framework to support theconcept of the NPA.

Yes41%

No17%

No answer42%

More work required to prove main concepts


48

3.2.2 Collaborative Requirements and Rules for the three End-UserSolutions

Question 2.1 RespondentsAs a payee,

a. Does your organisation serve customerswho experience challenges paying regularbills?

29 respondents answered this question, of which66% organisations indicated that they servecustomers who experience challenges payingregular bills.

Question 2.1 RespondentsAs a payee,

b. Does your organisation experience unpaiddirect debits?

28 respondents answered this question, of which64% organisations indicated that they servecustomers who experience challenges payingregular bills.

1 1

8

2

7

1

2

7

4 4

7

2

2

0

2

4

6

8

10

12

14

16

18


Experience of challenges paying regular bills

Yes

No

No answer


49

Respondents made some observations that can be summarised as follows:

o No evidence of increase in unpaid Direct Debits:

o Some DD collectors have seen no evidence that there are a growing number ofcustomers whose payment needs are not being met

o Many respondents highlighted that only a small percentage of Direct Debit fails

o It was to be noted that the proportion of payment failures are lower using Direct Debitthan non-Direct Debit

In addition, respondents took the opportunity to highlight the following:

o Business case for corporates:

o Since a small percentage of Direct Debit fails the cost-benefit analysis of implementingRequest to Pay was questioned

o Under Request to Pay working capital for businesses may become less certain

o Current cash flow issues for SMEs and the need for more flexibility:

o SMEs noted that they often come up against cash flow issues which presents a challengefor paying bills on a regular basis. Greater flexibility and control offered by Request toPay will be welcomed by these businesses.

o Difficulty for Small Businesses to become Direct Debit collectors:

o Only a small proportion of small businesses use direct debit to collect payments. This isdue to the requirements of the Direct Debit system making it too onerous for smallbusinesses to use this to collect payments this way.

o Some small businesses encourage customers to set up standing orders

o Budgeting v financial difficulty

o Some respondents were not clear how the consumer groups with budgeting problemswill be addressed using Request to Pay and the risk and appropriate protocol needed inthis case

o Corporates usually have controls and processes in place to work with customers in thesecircumstances to reduce their risk.

3

1

9

3

4

6

1

2

1

7

2

6

1

1

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Experience of unpaid DDs

Yes

No

No answer


50

Question 2.2 RespondentsRequest to Pay provides visibility to payees on theintentions of a payer. Would the increasedvisibility benefit your business? If so, how?

27 respondents answered this question, of which65% of organisations indicated that increasedvisibility to payees on the intentions of payerswould benefit their business.

Respondents highlighted the following benefit areas arising out of the increased visibility that Request toPay would provide:

o Efficiency

o Many highlighted back office efficiency including reconciliation errors, debtmanagement and more. However, this would be dependent of the quality ofreconciliation data. In introducing Request to Pay one respondent argued that ‘it isessential that we do not create a suite of standalone push payments without anautomated reconciliation mechanism.’

o Adaptability

o Some respondents argued that if it can be used in conjunction with DD, as to verify DD,then it can be helpful.

Several downsides were also highlighted (Note: not all are due to increased visibility):

o Suitability

o The suitability of Request to Pay for recurring payments was also questioned with issuesrelating to conflict management between payee and payer over a contested paymentcited as a challenge.

o The intentions of the payer may be distorted if payers choose for instance to declineelectronic Request to Pay payments to pay by other means. This could create falsepositives.

13

8

2

81

1

2

1

4

1

4

7

1

4

0

2

4

6

8

10

12

14

16

18


Would the increased visibility to payees on the intentions of payers benefityour business?

Yes

No

No answer


51

o Operational issues

o Partial payments could prove difficult to manage, particularly from a reconciliationperspective. If the issue of reconciliation is not addressed and individual transactionsflow through to businesses, the impact may be an increase in transactional bankingcosts.

o As payment collections are less certain it may create cash flow issues for businesses.

Question 2.3 RespondentsRequest to Pay will result in increasedcommunication between the payee and the payer.As a payee:

a. Would the increased communicationpresent a challenge? If so, in what way?

83% (20) of the organisations who answered thisquestion indicated that increased communicationwould present a challenge. Only 4 organisationsindicated that it would not present a challenge.

The majority of responses answered ‘Yes’ citing operational challenges leading to a review of IT systemsand processes.

o Increased number of parties

o With the possibility of many Request to Pay providers joining the Request to Pay market,the dispute resolution would be complex as more parties will be involved in the paymentchain.

o Operational and transactional cost

o Although a payer can ignore a bill today, if Request to Pay results in more declined ordelayed payments – or simply requests for contact – this could have result in a greaternumber of operational contacts and costs. This could include; recruitment in call centresand the potentially further issuing of notifications etc. A delay in responding could initself introduce a payment delay.

o Additionally, other respondents raised queries surrounding data storage of transactionsand their associated responses and how firms would need resource focused on insights,analysis and strategy corresponding with this.

2

11

2

9

1

35

4

1

6

2

1

1

0

2

4

6

8

10

12

14

16

18


Would the increased communication present a challenge?

No, it would notpresent achallenge

Yes, it wouldpresent achallenge

No answer


52

Some respondents offered suggestion on improvements that could be made to the design:

o Recurring payment authorisation

o Some respondents would propose consideration is given to the ease with which a payercould swap from the need to authorise each payment to authorising payments on acontinuing mandate or those up to a certain amount. This would offer payers anadditional facility to manage ongoing communication or payments in times when theyare unreachable.

o Multiple actors

o One respondent said consideration is needed where ‘the payer and user are differentpeople, perhaps a parent and child – the payer may value an intervention when themonthly bill exceeds a threshold.’

o Codification vs. free form responses: Increased communication would present a challenge if itwas excessive and free-form. Some respondents recommended a standardised response.

Question 2.3Request to Pay will result in increased communication between the payee and the payer. As a payee:

b. What benefits could you envisage from this increased communication?

Responses largely echoed the benefits outlined in the consultation document surrounding bettercustomer experience and satisfaction due to increased contact.

o Cash flow management and reconciliation

o Currently many small businesses have a difficulty accounting for each outgoing fromtheir business. Having increased information would benefit them as it will help thembetter understand their costs.

o Customer awareness & trust

o Increased payer awareness of their pending liabilities prompting more effective, timelymanagement of their finances.

o Communication through an official secure information channel could also increasecustomer trust and confidence in messages received from payees.

o Provide payers with greater / more up to date information on an account

• For example a loan, a reference could be provided on which payment this is in a seriese.g. 10 out of 12 or depending on customer permissions communicate other items ofinterest to them e.g. product anniversaries, eligibility for different products or a changein product features. Increased communication could enable payers to become morefamiliar with their spending behaviours through increased engagement. Payers/ PSPs canas a result add further value-add service to the payee.


53

Question 2.3 RespondentsRequest to Pay will result in increasedcommunication between the payee and the payer.As a payee:

c. Do you see any additional potentialbenefits resulting from Request to Payother than those described? If so, whichones?

64% (16) of the organisations who answered thisquestion indicated that there are additionalbenefits of RtP.

Alternative uses

o The Request to Pay solution could offer an alternative to debit or credit card payments and thecosts involved (this would depend on the commercial model applied to the service).

o Using the insurance sector as an example, there could be the opportunity to deliver ‘just in time’services. For many insurers there is only one engagement often when the policy is renewedannually. The Request to Pay process could increase the number of touch points for businesseswith their customers.

o The many possible uses for Request to Pay such as charity donations, membership fees (in whichthe ability to reconcile a payment to a member may be particularly useful), peer-to-peerpayments and so forth.

o One respondent (Vendor) suggested: ‘There is a potential to cover one of the very few use casesfor cheque which are not already well-served by other payment mechanisms: the conditionalpayment; an example of this is the school looking to fund a trip, which will only go ahead ifsufficient commitments are made: cheques fulfil this "promise to pay" and it is possible that thisuse case could be an extension of Request to Pay.’

Benefits of reference ID

o Request to Pay could reduce the number of misdirected payments or payments held in suspenseaccounts through the provision of a Request to Pay ID. The use of a unique transaction referencethat is then used throughout the payment end-to-end should also improve the traceability of atransaction and support reconciliation of payments.

12

1

10

2

71 3

1

1

3

21

6

1

6

0

2

4

6

8

10

12

14

16

18


Do you see any additional benefits of RtP?

Yes

No

No answer


54

Channels

o One respondent mentioned the potential channels that it could be used in such as inRemote/Telephone Order scenarios, at Point of Sale (POS) and in the Internet of Things (IoT).

Changes in End-user behaviour

o Dependent on the Request to Pay solution design, it could prevent the need to enter paymentdetails with a payer ‘just’ authorising the payment. For example, where the Request to Payservice links directly to a customer’s payment mechanism when a decision is made to ‘pay all’ or‘pay partial’ the payment details would not need to be entered. Although Secure CustomerAuthorisation may apply.

o Payers could decide to pay for things earlier or make an overpayment.

Some respondents envisage the relationship built between the payee and payer via Request to Pay couldbecome central to further services. Additional services could be: loyalty rewards, discount coupons,artificial intelligence to recommend money management techniques and automated bill managementand payment.

Question 2.4 RespondentsWe have recommended the minimum informationthat should be contained in a Request to Paymessage. As a payee:

a. With the exception of reference ID, areyou able to provide other items ofinformation with every payment request?

17 organisations indicated they can provide otheritems of information, 2 do not and 29 did notrespond.

The answers varied depending on different organisations including:

o Total amount of customer liability

o Warnings of late payment interest and penalties

11

2

11

1

3

1

1

1

4

1

6

4

2

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Are you able to provide other items of information with every paymentrequest?

No answer

No

Yes


55

Some respondents pointed out that at this stage it is not clear how and where this data would appearbefore the payer, which could influence the provision of the information e.g. from a data protectionperspective.

Question 2.4 RespondentsWe have recommended the minimum informationthat should be contained in a Request to Paymessage. As a payee:

b. Is there additional information, specific toyour business, that you would have toprovide to payers as part of the Requestto Pay message?

12 organisations indicated they do, 3 do not and33 did not respond.

These answers varied depending on different organisations including:

o One respondent suggested examples such as Vehicle Registration Mark (VRM), dates of taxliability, Vehicle Excise Duty (VED) rates (surcharge information for spreading the payment of taxover the period of liability).

o Some respondents gave an example of National Insurance Number as well as information relatingto the benefit overpayment and repayment period.

o One PSP mentioned the need to quote a purchase order number (to show that the payer hasinternally committed to a budgeted amount under a contract), additionally a customer numberor invoice number is very common commercial practice.

o Consideration that messages on implications of ‘decline’ should be included e.g. contractual andlegal impacts.

13

1

13

2

13

2

1

24

2

1

3

0

2

4

6

8

10

12

14

16

18


Additional information that must be provided to payers as part of the RtPmessage?

Yes

No

No answer


56

Question 2.5We envisage payees stipulating a payment period during which the payer will be required to make thepayment. As a payee, how do you think this payment period might be applied within yourorganisation?

Several respondents pointed out that this already exists currently most billing systems already generate aninvoice that includes a due date. However, others raised concern with this arguing that in somecircumstances payees should have the right to ‘switch off’ the extension as payers ‘seeking to makepayment beyond the due date will be legally liable for interest and in some regimes Late PaymentPenalties.’

Operational challenges

o One vendor respondent explained that uncertainty of payment ‘creates protection risks especiallyon any processes that work on assumed settlement models. With assumed settlement it is easierto batch process ten thousand transactions and dishonour a handful of failed transactions than itis to individually process say nine thousand nine hundred and four transactions individually as themoney is drip fed into us over the course of the window.’

In cases where it was conditionally applicable it was dependent on the value of transaction

o If the Request to Pay also serves as verification and activation of a payment mandate then thefirst payment would need to be made at the point of sale (or when the sale of goods hastransacted). Where the payment relates to taking possession of high value assets (such asvehicles, machinery, equipment etc.) the asset could not be released until the payee hasascertained that future payments would be made.

Applicable on a product-by-product basis

o The use of a payment period would need to be assessed on product-by-product basis prior to anydetailed comment being made on the use of this. In general:

o Credit and risk based products such as mortgages, loans, insurance and credit cards willbe supported by contracts that specify payment parameters in terms of timing, andsometimes method. Any interaction with a customer about a Request to Pay would needto take the cost, service and risk elements into consideration – this is to avoid negativeunintended consequence of customers falling into arrears, or being uninsured etc.

Question 2.6 RespondentsRequest to Pay will offer payers flexibility overpayment time as well as amount and method.As a payee:

a. Does your business model supportoffering payment plans and the ability forpayers to spread their payments? If so,please provide more details as to howthese plans are offered, their conditionsand to which customers.

11 organisations already have business modelsoffering payers the ability for payers to spreadtheir payments, i.e. payment time, amount andmethod, 9 do not and 28 did not provide ananswer to this question.


57

Responses differed depending on size and variety of products offered by organisations as well as the end-users’ ability to pay. Respondents cited that the decision to offer flexibility and to who was based on anumber of factors including:

o Credit risk

o Personal circumstances

o Conditions laid down in regulations on affordability and others. Existing examples include‘payment holidays’ on mortgage products (equally, some customers may make overpayments atsome points).

Some respondents have processes to engage individually with customers who fall into arrears on thesepayments including payment plans. These are individually assessed and offered where it is considered tobe an appropriate solution for both the customer and the PSP.

Another respondent pointed out that as a provider of corporate payee services this can hugely vary. Moresophisticated private organisations (e.g. media) will want a multitude of options whereas the public sectorwill want a much simpler set of options, and some highly regulated industries (e.g. water companies) maynot have options available to them. If a bill is a payment in advance and treated as a credit plan (e.g.telecommunications) late payment 'options' could have credit bureau implications.

12

13

2

10

1

1

2

5

34

3 1

0

2

4

6

8

10

12

14

16

18


Payees with business models which support offering payment plans and theability for payers to spread their payments

Yes

No

No answer


58


b. Do you have a predominant paymentmethod used by your payers? If so, whatpercentage of customers use it?

The predominant payment method used by payersis Direct Debit.

Other methods cited by respondents are creditcards, cash, cheque and Faster Payments.

The responses were predominately Direct Debit, the second highest was card-based transactions. Beloware a brief snapshot of responses:

o Respondent 1 (digital consultancy): ‘On average 60% of water companies collect bills via DirectDebit. For gas/electric companies this figure rises to 75%’

o Respondent 2 (small PSP): ‘Pay by Mobile 100%, cable pay 85% so any changes will impact highDD penetration businesses dramatically.’

o Respondent 3: ‘Approximately 70% of customers pay by cards and 30% by Direct Debit. An overthe counter service is also provided by Post Office where cash, cheque, and cards are taken alongwith the facility to set up a direct debit payment for Vehicle Excise Duty (VED)’

o Respondent 4: ‘The majority (65%) of all payments are made by Direct Debit (30%) or FasterPayments (35%). The vast majority of instalment arrangements are handled by Direct Debit.’

o Respondent 5: ‘Payments are predominantly on a one off basis however, we envisage that theremay be growth in the number of products requiring regular payments. Currently there areapproximately 13 Million Debit Card transactions per year.’

12

13

2

10

1 1

34

4

1

6

0

2

4

6

8

10

12

14

16

18


Do you have a predominant payment method used by your payers?

Yes

No

No answer


59


c. Do you offer your payers a choice ofpayment methods? If yes, whatdetermines how much choice you offer?If not, what are the barriers preventingyou from doing this?

17 organisations offer payers a choice of paymentmethods, 3 don’t and 28 did not respond.Responses highlight an encouragement towardselectronic methods such as Direct Debit, debit andcorporate credit card, BACS/FPS and CHAPS whichare likely to be more secure, easy to use andreduce the likelihood of errors in paymentreferencing.

Responses highlight an encouragement towards electronic methods such as Direct Debit, Debit andcorporate Credit Card, BACS / FPS and CHAPS which are likely to be more secure, easy to use and reducethe likelihood of errors in payment referencing. Commercially, this is a major strategic driver fororganisations in that it reduces both unit costs and bank charges for payments.

For the most part end-users are offered a choice of payment method using Direct Debit, CHAPS andBACS. Direct Debit is the default payment mechanism for most monthly loan and mortgage payments.

4

1

4

5

3

2

1

10

2

13

2

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Do you offer payers a choice of payment methods?

Yes

No

No answer


60


d. Are there any incentives to use onepayment method over another? If so,what is the rationale?

Direct Debit is the preferred payment method.The main reasons being:

o The lack of maintenance requiredfollowing initial set-up.

o Assurance that the payment will arrive bythe due date.

o High rate of accurate referencing.o Lower administration costs associated

with DD collections compared to cash,cheques and push payments.

o Payees optimise cost service and risk withDirect Debit by differential pricing andpenalty fees where applicable.

Question 2.7 RespondentsA minority of payers may not be able to paywithin the payment period. Through Request toPay they will be able to request an extension tothe payment period.

a. As a payee, do you currently offer yourpayers the capability to extend a paymentperiod, request a payment holiday ormake late payments?

12 organisations indicated they do, 8 indicatedthey do not, and 28 did not respond.

12

12

12

11

1

2

4

1

1

23

1

4

0

2

4

6

8

10

12

14

16

18


Are there any incentives to use one payment method over another?

Yes

No

No answer


61

Responses were mixed. It is important to point out that most small businesses do not offer flexiblepayment options but are often recipients of late payments. Widely, though, many larger businesses andPSPS do offer this flexibility based on the end-user and product/service offering.

Question 2.7A minority of payers may not be able to pay within the payment period. Through Request to Pay theywill be able to request an extension to the payment period.

b. What are the conditions and eligibility criteria under which this is offered?

Several criteria were cited:

o Tenure

o Value

o Overdue period

o Risk

Question 2.7A minority of payers may not be able to pay within the payment period. Through Request to Pay theywill be able to request an extension to the payment period.

c. If you currently don’t, what are the barriers preventing you from offering this capability?

o Most businesses cited an objective to maximise working capital and so offering options such asvariable due dates via push payments are not always attractive. For organisations that are relianton up-front payment for services there would be ERP and resource implications as well ascontractual changes

o Some respondents cited an inability to offer some of the features proposed due to legal orstructural constraints associated with their business model. For example one respondent ‘latepayments and payments holidays can have implications on the terms of a loan, the requirementsfor which are defined in the Consumer Credit Act. In some cases there may be implications on

2

4

3

3

3

2

1

2

11

2

12

2

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Do you currently offer your payers the capability to extend a paymentperiod, request a payment holiday or make late payments?

Yes

No

No answer


62

the calculation and application of interest. Related to this, some businesses also cited the inabilityto offer multiple payment methods.

o Overall, there was recognition that in some cases there could be barriers to the provision of somefeatures proposed. This was dependent on the product offering and the associated legalframeworks.

Question 2.8 RespondentsRequest to Pay will offer payers the option todecline a request. The purpose of this option is toprovide an immediate alert in case the requestwas received as an error or will be paid by othermeans.As a payee:

a. Would you find this information useful?

17 organisations would find this informationuseful, 2 would not and 29 did not respond.

The majority of respondents answered yes. The usefulness of this would be in providing an explanation asto why the decline was made and if an error had been made. One PSP suggests that the ability to declineand then block a payment could be an indicator of fraud – the codified messaging around this e.g.‘unrecognised payee’ - and the ability to link this to a Financial Crime solution should be considered. Forinstance a decline could trigger an action to notify a fraud dispute/legal team. Consideration must bepaid to relevant regulations on tipping off (Proceeds of Crime Act 2002)

12

12

2

12

1

1

35

5

1

3

0

2

4

6

8

10

12

14

16

18


As a payee, would an immediate alert for a declined request be useful?

Yes

No

No answer


63

Question 2.8 RespondentsRequest to Pay will offer payers the option todecline a request. The purpose of this option is toprovide an immediate alert in case the requestwas received as an error or will be paid by othermeans.As a payee:

b. Do you have any concerns aboutproviding this capability?

16 organisations have concerns about providingthis capability, 3 do not and 29 did not respond.

Most respondents had concerns; these largely centred around:

o Certainty of Payment: Many were concerned with ability for a payer to decline a request to payleading to a spike in end-user refusal to pay and use of decline as a delaying tactic.

o Payer awareness of consequences: To avoid negative impacts on payers, payers need to be madeaware of the consequences of declining a payment from a valid Request to Pay.

o Fraud: Bulk Request to Pay should be monitored for fraud and financial crime purposes to detectand prevent any orchestrated attacks by payees seeking to draw funds by deception, scams etc.

1 2 1

12

2

11

2

1

3 4

3

2

4

0

2

4

6

8

10

12

14

16

18


Do you have any concerns about providing this capability?

Yes

No

No answer


64

Question 2.9 RespondentsDoes the Request to Pay service as describedaddress:

a. The detriments identified in our Strategy?

20 organisations believe that the Request to Payservice as described address the detriments in theStrategy, 4 don’t and 24 did not respond.

Question 2.9 RespondentsDoes the Request to Pay service as describedaddress:

b. The challenges experienced by yourcustomers?

18 organisations agree that RtP addresses thechallenges experienced by their customers, 3don’t agree and 27 did not respond.

9

1

7

2

1

1

1

2

6

2

1

9

3

2

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Does the RtP service as described address the detriments identified in ourstrategy?

Yes

No

No answer

1 13

8

12

11

1

1

1

4

1

8

1

4

0

2

4

6

8

10

12

14

16

18


Does it address the challenges experienced by your customers?

Yes

No

No answer


65

o The responses here were mixed, with many respondents not convinced that Request to Paywould address detriments more effectively than current communication tools.

o Concerns also related to unintended negative consequences of the increased flexibility such asuncertainty of payment for payers and payees suffering from unfair penalties.

o However, the challenges that Request to Pay may introduce in regard to fraud and financialcrime were also highlighted.

o Increased risk of complicating the process if Request to Pay leads to manual intervention.

On a different note:

o Some respondents mentioned that the provision of additional contextual data e.g. its purpose -with a payment request could help to reduce Financial Crime.

Question 2.10As a payee, considering the information provided in the consultation document,

a. What is the extent of change you think you will need to carry out internally to offer Request toPay?

Key concerns raised by respondents include:

o Significant change implications for systems, processes and commercial arrangements.

o One PSP argues that this is creating a completely new outbound payment request solution acrossmultiple billing systems and channels. The lead in time and testing required would be large as theimpact on multiple business areas i.e. payments, billing, banking, customer experience,collections, IT, customer communications etc.

o This includes changes to legal requirements, call centre management, receivables management,operational processes, financial risk models, fraud models, treasury cash flow, IT providers (oftenoutsourced) and new sales processes. Changes would also be needed to support internal andthird party distribution channels.

o Another respondent (digital consultancy) suggests that impact to banks and payers/payees wouldbe minimal via Open Banking: ‘We have mapped out how Request to Pay could work end to endeven before the NPA is built, using Open Banking. Our evaluation is that there would be noimpact to banks, and minimal impact to billers/payees. Billers would need to be able to export afile of payment requests and PISP could initiate the payments from the payer's account. Billerswould need to modify internal processes to accommodate the increased flexibility given to payersto delay or skip payments.’


b. What challenges do you see that might prevent your organisation adopting Request to Pay?

Respondents highlighted the following commercial challenges:

o An increase in operating costs as well as coordination issues with business stakeholders andwider transformation objectives within particular organisations.

o Ongoing deferral of debt concern

o Compliance with wider regulatory and business environment (including with AML, sanctionscreening and anti-terrorist financing regulations and legislation)


66


c. What is the timeframe you think you will need to be able to offer Request to Pay?

o A time scale of 18 months to 24 months for this kind of project was given by respondents.

o Most pointed out that until the Request to Pay solution is finalised it is difficult to be accurate.

o The timescale will need to take consideration of industry-wide programmes such as Openbanking, GDPR and PSD2.

o It is unlikely that the government would make significant investment decisions without a soundevidence base of proven success and take up rates.

Question 2.11What are the features or rules that could be built into Request to Pay that would make it more valuableto your organisation, or more likely for you to adopt it?

The responses can be summarised as follows:

Clarity surrounding the rules and guidelines:

o Rules whereby every payment is tracked/linked which makes reconciliation and paymentallocation more robust

Fraud:

o Monitoring of bulk Request to Pay to detect fraud

o Perhaps making use of dual verification technology such as a one-time access code that is alreadyin use by financial institutions and e-mail providers - in order to submit the Request to Pay.

IT integration:

o One respondent said: ‘Seamless and straightforward integration into our existing IT architectureand infrastructure (i.e. plug and play approach).’

Functionality:

o Codified responses on a Decline of a payment, Request a Contact or Request for PaymentExtension options to improve communication to payee and inform their response

o Bill prioritisation for instance where a payer is only allowed to pay a particular kind of bill (e.g.gym membership) only after they’ve paid a more critical bill (e.g. mortgage)

o Ability for a payee to provide messaging on the implications of declining, partially paying orextending a payment.

Recurring payments:

o A ‘one-time’ authorisation for regular collections. E.g. ‘payers would be asked to confirm a setamount over a period of time. In theory, it would be the same as the current Direct Debitoffering with an added 1 time authorisation to verify the payer and confirm the payment plan.’


67

Question 2.12 RespondentsWe have highlighted several risks andconsiderations relevant to the delivery of Requestto Pay.As an end-user of Request to Pay:

a. Are there any risks that we have notaddressed or highlighted that would liketo add?

23 organisations indicate there are additional risksto be added, 3 do not and 27 did not provide ananswer to this question.

Respondents listed the following risks:

o The risk of non-adoption by a critical mass of payees - Request to Pay will need a wideacceptance base to address the detriments and offer customers a consistent customer experienceto grow usage.

o Fraud/scam including phishing but also extending to money laundering, sanctions screening andterrorist funding risks.

o Risks of increased indebtedness of vulnerable customers.

o The impact of unplanned variance in payment schedules.

o Impact on large corporate current credit control practices.

o Keeping payer contact information up-to-date.

o Process and underlying rules for handling disputes, complaints and claims handling in relation toRequest to Pay needs to be established at industry level

o In scenarios where Direct Debits are mostly used, if there is an increase in losses and potentiallyincreased transaction costs – this could present the risk of increased costs to the payer andpayee.

o ‘Where there are multiple actors in a transaction it is not clear who gets the Request to Pay. E.g.joint holder accounts. Multiple payers could be involved in transactions e.g. a vehicles registeredkeeper and direct debit mandate holder are often different - who gets the Request to Paycommunication? If one also considers the case of joint accounts, then who is liable in thissituation? Payers may not always be available or able to action their requests - on holiday, inhospital, or overseas forces etc.’ which could lead to confusion.

13 4

1 1

4

1

3

11

1 1

6

12

2

6

0

2

4

6

8

10

12

14

16

18


Any risks not addressed or highlighted that you would like to add?

No more risksto add

Yes, additionalrisks to add

No answer


68

o Wider economic consequences: one vendor respondent argued that the solution could increase‘businesses debtor days, leading to adverse impact to the UK economy and specifically companyliquidity, which may lead to capital adequacy issues for come corporate banks.’

Question 2.12 RespondentsWe have highlighted several risks andconsiderations relevant to the delivery of Requestto Pay.As an end-user of Request to Pay:

b. Are there additional unintendedconsequences that we should consider?

19 organisations indicate there are additionalunintended consequences to consider, 10 do notand 19 did not provide an answer to thisquestion.

Potential unintended consequences raised by respondents include:

o Diminishing of Direct Debit could be a concern for PSPs and corporates

o Payment prioritisation: Risks associated with prioritisation of payments taken by the payer inisolation without proper education of which carries the largest negative financial outcome wherea deferral is required.

o Reputation damage: The PSF may also consider involving bodies like the Trading StandardsInstitute, to assist in defining the clear perimeters between what is a Request to Pay issue, whatis an issue concerning the underlying payment, and importantly, what should sit in the contractbetween the customer and corporate for the service or goods being provided. This must beclearly spelled out to prevent the service becoming a ‘scapegoat’ for contractual issues betweenthe two parties involved.

Additionally, some respondents offered design consideration to the solution:

o The ability for end-users to change selections of payment. For instance in the case of accidentaldeclining of payment they are able to change this.

o Customers should have a choice around which bills they would like to be paid via Request to Payand which they would like to be paid automatically.

5

4

1

6

1

1

7

2

2

5

1

1

6

2

3

1

0 5 10 15 20

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Any additional unintended consequences?

No additionalunintendedconsequences toconsider

Yes, there are additionalunintendedconsequences toconsider

No answer


69

Question 2.13We recognise that additional work needs to be done in identifying potential safeguards includingliability considerations associated with Request to Pay.As an end-user of Request to Pay:

a. What are some of the potential liability concerns that you may have?

Responses have shown that there is a need for a clear liability model reflecting:

o Roles and responsibilities between the payer, payee, PSP and Request to Pay service provider.

o Clear agreement and understanding on where liability sits at different stages in the Request toPay journey.

o This would need to be consistent with current legislation e.g. Payment Services Regulations.

Respondents highlight concerns around:

o How a decline without reason will be managed

o Clarity on liability particularly in the event of fraud/error. There is a risk of the correspondencemechanism being hacked or intercepted by a fraudster either between the payee and the enduser or between the end user and their PSP. In either instance, who would be liable for anypayments subsequently sent to an unintended beneficiary?

o In the event of a mistake and the customer mistakenly accepts the request who is responsible ifboth parties are complicit in the error?

o Customers should be given visibility of their account balance to ensure they have sufficient fundsto pay. Each option the customer has must be clearly laid out and explained to the customer.

o When the customer chooses an option (be it to delay, or pay) they must be told clearly theimpact of making that choice before they confirm. For example, if they choose to delay theymust be told if their next payment will increase by a proportionate amount as a result. Once thepayment is confirmed the customer must be shown a confirmation of what they have agreed to.Should the payment then fail, for whatever reason, the customer must be informed and givenoptions on what next they can do. User experience will be critical to making Request to Pay fairand successful.

o In many scenarios when something goes wrong the customer automatically contacts their bank.Work needs to be done on making the liability model easily understood from a customerperspective.

25 organisations have indicated that they would like to get involved in defining the liability considerationsfor Request to Pay. A workshop was held on the 2nd November 2017 with these representatives from thepayments community to identify Request to Pay liabilities. The liabilities were identified and documentedwith appropriate recommendations and requirements made.


70

Question 2.14As a PSP, do you currently offer real-time balance information to your clients? What information do youoffer them? If not, what are the constraints?

Many respondents mentioned that real-time balance information is already available. One PSP mentionedhowever that there was no clear standard as to what should be included especially in regard totransactions that are not processed in real-time e.g. card-initiated payments. Some of the informationincluded by respondents were as follows:

o Customer bank reference

o Reconciliation charges

o Available funds

o Transactions and pending transactions

Channels in which real-time balance information can be found by PSPs include:

o ATMs

o Online

o Mobile

o Telephone

o Branch banks

Constraints to real-time balance information offered:

o Cases where the PSP has no visibility such as when cheques which are written (clearing cycle). Aswell as off-line/unauthorised card transactions until received for settlement.

41%

12%

47%

PSPs that offer real-time balance information to their clients

Yes

No

No answer


71

Question 2.15We have presented two Confirmation of Payee (CoP) response approaches (Approach 1 and Approach2).

a. As a payer, what would be your preferred approach?b. As a PSP, what would be your preferred approach?

Among respondents, 41% preferred Approach 1 while 24% preferred Approach 2. A total of 10organisations did not prefer either approach, while 3 proposed to have an alternative approach.

In their responses, respondents outlined the advantages and disadvantages of each of the approachespresented.

Approach 1 (Matching) Approach 2 (Playback)Advantages ü Avoids sharing of personal data

with payerü Simplicity which would ease

integration with business rules andsystems*

ü Most useful to end-userü Easier to develop than

Approach 1ü Increased transparency

Disadvantages x Accurate match may prove difficultto obtain

x Minimal value add to end-user incomparison to Approach 2

x Complexity of fuzzy logic and theliability associated to it on thepayee’s PSP

x Data protection and privacy is amajor concern

x Could expose accounts to otherpotential fraudulent activityand abuse

x May need to operate through acentral database model to work

x Confusion where the accountname fed back is different tothe recognised name the payerwas expecting.

41%

24%

35%Approach 1

Approach 2

Neither


72

Question 2.16 RespondentsAs a PSP:

a. Would you be able to offer CoP asdescribed to your customers?

A significant proportion did not answer thisquestion, but of those that did the response waslargely ‘Yes’.

Given that a significant proportion of respondents did not answer this question, analysis on answers tothis question may not be as definitive compared with other questions. However, those that did answerwere largely said ‘Yes’.

o Respondents highlighted the need for collaborative industry-wide participation in the adoption ofCoP.

o Confidence as to whether the solution will be GDPR compliant is a key area of concern for somerespondents in offering CoP.

Recommendations include:

o Listing ‘assured’ payees.

o Review needed on how this would work effectively on analogue/paper channels.

o Many respondents of those that were undecided as to which approach was most suitablesuggested alterations to the current solutions or provided an alternative approach.

o One TPSP argued that existing market solutions can meet the needs addressed by CoP already.

o An API-based CoP solution.

Question 2.16As a PSP:

a. What is the extent of change that you would need to carry out internally to offer CoP?

Many respondents highlighted the need for IT system and process change but that this is dependent onthe approach chosen. Some of which included:

o Updating of digital and outbound payment channels

o In order to be legally complaint PSPs would need to update T&Cs and notify customers

o Internal education and training

9

8

PSPs that would be able to offer CoP asdescribed to their customers

Yes

No answer


73

o Integration with other banks’ customer data via APIs and a central repository was recommendedby multiple respondents

o Industry-wide agreed rules and standards for CoP are needed to ensure its success e.g. thematching function must adhere to a particular criteria.

Question 2.17 RespondentsThe successful delivery of CoP is largely dependenton universal acceptance by all PSPs to providepayee information.As a PSP:

a. Would you participate in a CoP service?

The majority of respondents answered that theywould participate in CoP, with the exception ofone organisation which suggested that CoPshould be voluntary.

The majority of respondents answered that they would participate in CoP, with the exception of oneorganisation which explained that CoP should be voluntary. In addition, some considerations werementioned by respondents as follows:

o Adoption depends on the business case and whether there will be a mandatory regulatoryrequirement for it.

o Data privacy should be taken into consideration.

o Terms and conditions of PSPs will need to be updated.

o Same rules should apply for all PSPs.

The NPSO will need to assess the initial level of participation to ensure success of the service.

The profile and ongoing interest in CoP, by HM Treasury and Which?, is further encouraging its rapiddevelopment and adoption.

9

1

7

As a PSP, would you participate in a CoPservice?

Yes

No

No answer


74

Question 2.17 RespondentsThe successful delivery of CoP is largely dependenton universal acceptance by all PSPs to providepayee information.As a PSP:

b. Are there any constraints that wouldhinder you providing this service?

All 15 organisations who answered this questionsaid that there are constraints to providing thisservice.

All respondents who answered “Yes” cited several constraints that might hinder the provision of CoP.These constraints, as articulated by respondents, are summarised below:

o Complexity of implementation due to the need of a significant change in the IT infrastructure inaddition to increased costs.

o Near universal participation or ubiquity, which is important in order to deliver required benefits.

o Information accuracy as there might be a need to validate it in addition to the presence ofstandards for data maintenance.

o A clear understanding of liability, responsibilities and sanctions.

o Compliance with data protection regulations and customer’s right to privacy.

o A change of law as it might be needed to be able to deliver CoP.

o Non-addressable accounts and the way they will be treated.

o Customer demand as there should be a need for CoP and thus the need for a business case.

o A constraint on third party payment providers/ indirect participants as they will have theresponsibility of providing relevant information.

o A constraint on credit risk agencies as they will need to include all account types.

o The need for variant capabilities to support SLAs.

Some respondents pointed out that specific constraints can be identified once the CoP approach ischosen.

5

10

11

2

2

7

5

5

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Are there any constraints that would hinder you providing this service?

Yes

No answer


75

Question 2.18The NPA will fully support the functionality for PSPs to provide payment status and tracking.

a. As a PSP, what is the extent of change you think you will need to carry out internally to offerPayments Status Tracking?

Responses varied for this question. Some respondents stated that tracking certain payment types (inparticular FPS) already exists within their systems but will need to be expanded. Some respondents foundit very difficult to implement payment status tracking with the current payment infrastructure and thuspayment status tracking would be easier with the NPA. In terms of the change required, respondentslisted the following points:

o Several respondents thought that a significant change would be required to implement paymentstatus tracking while a fewer number thought it would require a medium level of change.

o The amount of change depends on the PSPs infrastructure. Changes should be made to systemsthat store, process and transmit data and functionalities will need to be built within customerchannels.

In addition respondents mentioned considerations related to payment status tracking, listed below:

o Data protection considerations.

o Integration with existing cross border payments.

o Bulk payments treatment.

o Consequences of having the end originator sitting behind an indirect participant.

Question 2.18The NPA will fully support the functionality for PSPs to provide payment status and tracking.

b. What challenges do you see that might prevent your organisation adopting Payments StatusTracking?

Respondents listed the following points:

o The service is highly dependent on the data provided by the sponsor.

o If this program is not mandated then it will not be implemented as a priority.

o There are potential financial crime and fraud concerns from the availability of trackinginformation. Controls may be required to ensure PSPs comply with the Proceeds of Crime Actand to identify and flag payers who wish to 'opt out'.

o Consideration should be made around payments that are returned.

o There are concerns related to concerning accounts where we cannot track to final destinatione.g. Head Office Collection Accounts for utility companies.

o Clarification is required as to the appropriate payments types that payment status tracking wouldapply to.

o International payments should be considered as consumers mostly worry about their safe receipt.

o Complete industry coverage would be required to maximise the effectiveness of this service.

o Consideration would be required as to how the tracking confirmation is passed or shared withthe customer.

o Consideration will need to be given to the level of transparency and education as to whypayments may be delayed

o There are emerging industry solutions around tracking which could be adopted for end userexperience and operational efficiencies; for example Chaps Track and Trace and SWIFT globalpayment innovation initiative.


76

o Factors that should be considered before implementing payment status tracking includeassessing the real demand in a real-time payments world as well as cost, capacity, complexity anddata protection implications of the ability for a payee to view the movements in a payer’s bankaccount – and potentially seeing too much information.

o Payment status tracking is dependent on the ability of the Payers' PSPs, Payees' PSPs and theunderlying systems. It may be both complex and costly and may not be possible with somesystem suppliers.

o Payment status tracking will be an additional element of the NPA work. It feels more anaspirational development, and the need for it should be reviewed through future architecture /customer experience design work.

o There is a concern around the status of payments that have been held due to a regulatory check(potential crime, terrorist funding etc.) where the payee should not be informed of the hold, i.e.tipping off.

Question 2.19 RespondentsWe have highlighted several considerationsrelevant to the delivery of Assurance Data.

a. As an end-user of Assurance Data, arethere any risks that we have notaddressed or highlighted that you wouldlike to add?

26 organisations responded to this question, ofwhich 14 said there are no more risks to considerand 12 said there are additional risks notaddressed or highlighted already.

Many respondents answered “no”, meaning that they did not identify additional risks. Fewerrespondents answered “yes” while listing the risks below:

o Tracking payments would involve businesses delivering and automated processes noting many donot operate 24/7. In addition, it may be a tool for fraudsters.

o Consideration should be given to providing an environment that allows solutions that may beable to support delivery of Assurance of requesting entities as part of the request mechanism.

13

8

1 1

81

7

1

3

1

5

2

1

5

0

2

4

6

8

10

12

14

16

18


Additional risks?

No more risks toconsider

Yes, there areadditional risks

No answer


77

o There is a possibility for customers to send misdirected payments even with a confirmation ofpayee service. It should be recognised that Confirmation of Payee should help reduce thenumber of payments sent in error but will not fully eradicate the detriment.

o TPSPs need to be included in the delivery of Assurance Data.

o There is a lack of visibility over debit card payments covered at the collaborative level, whichshould be communicated to the end user clearly.

o CoP requests may not result in any payment, and could instead be a ‘white data’ phishingattempt, possibly for fraud reasons. There will need to be an ability to have data errorscorrected/data deleted.

o For Assurance Data to work effectively, appropriate industry standards will need to be in place inorder to determine how the data is defined, stored in a secure manner, and accessed.

o There is a risk around the ability of PSPs to accurately provide 24/7 live status.

o There is ambiguity around the account name that will be used as the assurance data, whether forindividuals and corporates.

o If a firm has switched banks e.g. due to experiencing fraud against them, they may not wish allpayers to know the new account details.

o The need to provide a payee with visibility of an incoming payment in payments tracking servicecomplicates the provision of this service.

o There is no clarity on the PSP’s liability responsibilities especially regarding data protection andprivacy.

o With the development of services for assurance data it is important that there is a robustgovernance, disputes and liabilities management structure.

Question 2.19 RespondentsWe have highlighted several considerationsrelevant to the delivery of Assurance Data.

a. As an end-user of Assurance Data, arethere any unintended consequences thatwe should consider?

24 organisations answered this question. 11 said“No”, and 13 said “Yes”.

4

1

3

2

1

4

1

6

1

1

8

1

1

8

2

3

1

0 5 10 15 20

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Additional unintended consequences?

No more unintendedconsequences toconsider

Yes, there areadditional unintendedconsequences

No answer


78


o Consideration of what happens when an accidental payment is made.

o A lack of common industry rules and standards could result in low ubiquity, inconsistentapplication of the solution and thus an inconsistent end-user experience.

o In approach 2 of CoP there is a risk of phishing if adequate controls are not in place.

o One respondent stated ‘the payment status and tracking journey may be difficult to achieve,especially where banks struggle to maintain full traceability of the payment even within theirown payments landscape. The regulator must be careful in the level of granularity to which itrequires the PSPs to provide the status and tracking functionality’. The respondent went furtherto recommend that payment statuses must be standardises across all PSPs and TPSPs.

Question 2.20As a payer,

a. How would you use Enhanced Data?

Respondents largely echoed the uses/benefits outlined by the consultation document. A small proportionof respondents did not see a clear use for it in their relevant organisations. The following uses werementioned:

o Specific details would enable easier reconciliation.

o The additional data allows payers to inform the payee as to nature and reason the payment ishappening including: debit/credit notes added to payment, bill, delivery note etc. all of which canalso reduce queries regarding payments.

o To enable correct payment allocation by payee

o One respondent mentioned: ‘This could be used in a range of circumstances, for example toexplain entitlements etc. with benefit payment notifications (this could be the key area ofbenefit), supplier payments etc.’

o One PSP respondent mentioned that it would be beneficial in enabling the payer to easilyidentify the payee

o One PSP respondent argued that corporates may use the additional information for marketingand promotional purposes or spam

Question 2.20As a payer,

b. What Enhanced Data would you add to payments?

Many respondents gave multiple examples of data noting that this will become clearer once customermarket research is done. A selection of some responses are as follows:

o Invoice number, order numbers, Financial Account numbers and Billing references.

o For refunds - originating transaction information can be added

o Purchase Order, Vehicle Registration Mark (VRM)

o Entitlement details, payment details, payment periods, appeal information.

o Information on nature and reason for payment, link to URL or web page

o Unstructured multi-line messages/dialogue for P2P payments

Question 2.21


79

As a payee,a. How would you use Enhanced Data?

Improved reconciliation of payments was the most frequently cited use. Others included:

o Improvement in cash allocation.

o Improves transparency and identification in which the different components of individualpayments can be clearly seen by payers.

o Receivables management, credit risk management and collections work and improve customerservice

o Adequate information provided to apply the payment to the correct billing account

o Potential to automatically reconcile payments

o Provide contextual information on a Request to Pay

o To identify indebtedness

If the data is structured then this can be imported to a business’s ERP and later to be used for businessanalysis internally.

Question 2.21As a payee,

b. What Enhanced Data would you add to payments?


o One respondent said: ‘could include explanation of awards and payments and subject toagreement, receipt of claimant information relevant to entitlement e.g. earnings, childcare costsand other relevant expenses.’

o Billing information like Order number, Invoice number, Financial Account number and Productdescription.

o Both structured and unstructured data with an opportunity to personalise a payer experience

o Channel of payment and location in which the payment was made and due date

Question 2.22 RespondentsDoes the Enhanced Data capability as describedaddress the detriments identified in our Strategy?

24 organisations responded to this question. 21organisations said “Yes” and 3 organisations said“No”.


80

A sizeable proportion of respondents mentioned that they are unable to answer the question until the fullscope and schemas of Enhanced Data are defined. Adding that at present the messaging standards in thedocument are too vague and what constitutes this and how participants become compliant is unknown.

One PSP states: ‘In the absence of a clear understanding of what these standards are likely to cover (and,as referenced elsewhere in our response, further definition of the underlying data schemas), we do notbelieve it is possible to fully determine the scope and scale of enhanced data.’

Recommendations offered were:

o One respondent suggested: ‘enhanced information could be modelled on ISO 20022 datastructures that already exist for remittance information. These are well-known, market-testedstructures for remittance information that will provide consistency with remittance informationthat is already being exchanged internationally. They are also compatible with both XML andJSON formats.’

Question 2.23Some changes will be required to enable the loading and retrieval of Enhanced Data. For example,corporates will need to modify the internal systems.As an end-user, what internal change will be needed to allow you to add and receive Enhanced Datathrough the NPA?

Most respondents mentioned significant IT system development would be required but the complexitywould depend on the type and complexity of payment information permitted. As with all new businesschanges, a business case would be needed and internal funding allocated. Some responses included:

o New interfaces for billing and banking systems

o Security checks and controls

o Some respondents showed a preference for structure data in order to best integrate with systemsand provide the most useful insights.

o Back-office data storage needed.

o Internal education and communication for customer-facing and finance team staff

o Extensive changes to downstream systems that receive and pass data

o The data may need to be passed through indirect agencies where needed.

13

9

1 1

9

2 1

25

6

1 1

6

0

2

4

6

8

10

12

14

16

18


Does the Enhanced Data capability as described address the detrimentsidentified in our Strategy?

Yes

No

No answer


81

Question 2.24 RespondentsWe have highlighted several considerationsrelevant to the delivery of Enhanced Data.As an end-user of Enhanced Data:

a. Are there any risks that we have notaddressed or highlighted that you wouldlike to add?

24 organisations answered this question. 4 said“No” and 20 said “Yes”.

Responses included:

o The time lag associated with different parties making the relevant IT changes to implementenhanced data and the costs of this change.

o Risks associated with processes and validating/screening data sent. If these processes are notrobust enough then there is risk of erroneous data being passed on.

o Risk of lack of sufficient up-take of service to justify high cost of implementation

o Compliance with GDPR. For instance the element of ‘the right to be forgotten’.

Recommendation by one respondent was to ensure that personal data is not be in free-form to ensure itcan be located easily for compliance purposes.

2

11

2

9

1

35

4

1

6

2

1

1

0

2

4

6

8

10

12

14

16

18


Are there any risks that we have not addressed or highlighted that youwould like to add?

No, it would notpresent achallenge

Yes, it wouldpresent achallenge

No answer


82

Question 2.24 RespondentsWe have highlighted several considerationsrelevant to the delivery of Enhanced Data.As an end-user of Enhanced Data:

b. Are there any unintended consequencesthat we should consider?

23 organisations answered this question. 12 said“No” and 11 said “Yes”.

Responses included:

o A reduction in efficiency associated with the increase in data load / size of data beingtransmitted.

o As larger amounts of data are to be shared there is higher risk thus proper governance in place isessential to avoid data breach.

o It may alter underlying commercial or contractual terms

Question 2.25We recognise that additional work needs to be done in identifying potential safeguards includingliability considerations associated withEnhanced Data.As an end-user of Enhanced Data:

a. What are some of the potential liability concerns that you may have?

Most responses centred on data protection, privacy and breach issues including:

Liability associated with data loss and breach for all participants including third parties and associatedbrand reputation damage.

16 respondents have indicated that they would like to get involved in defining the liability considerationsfor Request to Pay.

5

1

4

2

1

1

5

2

2

10

1

1

8

1

3

1

0 5 10 15 20

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Are there any unintended consequences that we should consider?

No more unintendedconsequences toconsider

Yes, there areadditional unintendedconsequences

No answer


83

3.2.3 Implementation Plan

Question 3.1Are there any additional principles you think we should add or significant amendments that should bemade to those already stated?

Additional principles:

• Under 'Customer Considerations' – the plan should aim to minimise transition cost implicationsfor end users including the broader business community (e.g. DD originators).

• Insulating customers from change during transition from old to new.

• Deliver the NPA at a cost agreed by the industry and supported by an achievable funding model.

Suggestion of amendments to principles:

• Customer considerations should be in line with stability, ubiquity and consistent customerprotection requirements.

• Needs of payees and payers to be considered as key to addressing the detriments identified.

• Adhere to the principle of "provide optimum benefit for stakeholders."

Question 3.2Are there any additional assumptions you think we should add or significant amendments that shouldbe made to those already stated?

Additional assumptions:

• Clarify assumption that Request to Pay will operate alongside Direct Debit.

• The programme will develop proposals to meet the needs of vulnerable customers throughoutthe implementation.

• The cost of making / collecting a payment will continue to be free for the consumer, and notincrease for corporates, Government and SMEs.

• Maintenance processes would be in place to ensure that relevant elements of 'old' and 'new'systems are kept in sync, e.g. EISCD and CASS.

Suggestion of amendments to assumptions:

• CHAPS is in scope for Confirmation of Payee (CoP).

• Ensure that the benefits of scheme closure are clearly visible at each transition state.


84

Question 3.3 RespondentsDo you agree with the sequence of events laid outin the implementation plan? If not, whatapproach to sequencing would you suggest?

26 organisations are, in principle, supportive withthe sequence of events in the NPAimplementation plan. 7 did not agree. 15organisations did not respond.

The 7 organisations who did not agree with the sequence of events listed some of the followingconcerns:

o The design and build stages for Push CT and bulk payments could be run in parallel given theprocessing and message formats will be the same, allowing for testing and deploymentefficiency.

o Missing element: user education and communication.

o The points at which PSPs will be obliged to accept payments from the NPA will be key in terms ofsequencing and the overall timetable.

o Cost and technical challenges with regards to dual running.

o Recommendation to transition Bacs Direct Debits after ICS.

o Bulk should be delivered either in parallel with or earlier than single payments. Bulk is the areathat most requires updating.

9

1

10

4

2

3

1

1

2

4

1

5

1

3

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Agreement with sequence of events

Yes

No

No answer


85

Question 3.4 RespondentsDo you agree with the high-level timetable laidout in the implementation plan?

17 organisations agreed with the high-leveltimetable in the NPA implementation plan, 13 donot agree and 18 did not respond.

Some observations from respondents include:

• The transition approach and timetable are key matters for the NPSO to develop in more details,taking into account other external developments and dependencies e.g. the BoE RTGS renewal,PSD2 and Open Banking.

• It might be prudent to set an industry “Go / No Go” decision in 2019 to manage the concernsaround slippage of hard dependencies.

• Greater benefit might be derived from accelerating Faster Payments Bulk Payments overEnhanced Data immediate payments. The B2B sector will gain most value from enhanced data asit addresses pre-existing issues with Bacs standard 18 which is close to being 50 years old.

• Wholesale replacement of payment systems is a significant undertaking, fraught with risk. Theredoes not appear to have been full enough consideration of the need to identify and mitigate themultifarious areas of impact within end user (e.g. business) processes.

Question 3.5Are there any significant potential risks that you think the implementation plan does not consider?

Potential risks that the implementation plan does not consider:

o Risk of delays to the early stages of the programme due to capacity and capability as the NPSO isforming.

o No reference to the Central Securities Depositories Regulations (CSDR) which has significantimpact on the securities market in the UK and Ireland and across Europe.

o Risk of poor quality solutions (as a result of requirements or design issues), delays due tochanging requirements, and participants having differing capabilities to transition to the NPA.

13

1

7

1 13

4

1 1

7

24

66

0

2

4

6

8

10

12

14

16

18


Agreement with the high-level timetable

Yes

No

No answer


86

o Risk that there are insufficient commercial opportunities to encourage the right level ofparticipation from third parties.

Question 3.6 RespondentsDo you agree with our proposed transitionapproach?

25 organisations agreed with the proposedtransition approach, 7 disagreed and 16 did notprovide a response.

Some pertinent comments in response to this question:

o There needs to be further research into end user requirements and product design before thisquestion can be properly answered. This is an area of NPSO responsibility.

o The plans to migrate both bulk electronic payment systems (Faster Payments and Bacs) to theNPA in parallel rather that completing one migration before starting on another would introducesignificant risk of service failure.

o Need to ensure that once parallel run has started there are sufficient incentives to ensure themigration takes place.

9

9

5

2

3

1

1

2

4

1

1

6

3

1

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

0 2 4 6 8 10 12 14 16 18

Agreement with proposed transition approach

Yes

No

No answer


87

3.2.4 Cost Benefit Analysis of the NPA

Question 4.1 RespondentsAre there any material quantifiable benefits thathave not been included?

8 organisations provided further suggestions, 21organisations indicated there was no need to addany additional benefits and some are listed belowand 19 organisations did not provide a response.

Suggestions for adding benefits from the 8 organisations are:

o Cost of retiring legacy platforms.

o Increased competition in the payments supply chain leading to cost savings and innovation.

o Potential to sustain, or extend, the UK's lead among global payment systems which provides anexport opportunity.

o Increased infrastructure competition and/or competition between PSPs.

o Reduced annual change costs during the 'run' phase that follows NPA migration.

1

3

1

8 1 1

4

1

2

1

4

1

4

71 8

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%


Additional material quantifiable benefits to be included?

No need to addbenefits

Yes, addbenefits

No answer


88

Question 4.2 RespondentsDo you agree with the cost assumptions withregards to the NPA and each of the overlayservices (Request to Pay, Enhanced Data andAssurance Data)?

9 organisations agree, 21 organisations do notagree but have not provided alternative figuresand 18 organisations did not provide a response.

A variety of explanations were provided with regards to the cost assumptions. Some of them are:

o Costs and timeline of construction and dual-running phase

o Estimate for PSPs appears to be low. PSPs will need to build or procure ISO 20022 gatewayservices and will also need to make substantial change to their internal payments infrastructureand potentially customer channels.

o Estimate for building the new Clearing and Settlement appears low, considering the complexityof building this to cope with several schemes, to be payment type agnostic and given that it isnot something that has been carried out before in the UK.

o PSPs having to change customer channels to facilitate Confirmation of Payee (CoP).

Despite the challenge on the costs, no party has suggested the business case is untenable.

The 22 organisations that did not agree with the proposed costs were contacted requesting furtherdetails. No specific costs were suggested and the challenges were broadly a matter of opinion.

On the basis of the re-engagement, the costs have been kept broadly the same on the following basis:

o Costs will be based on implementation within the API Open Banking ecosystem and these will beless than those of historical implementations

o Whilst it is acknowledged there have been cost overruns in some other similar developments inthe industry, this should not be reflected in the cost estimates as these will therefore beartificially inflated.

o More detailed work is needed before an updated cost model for implementation can bedeveloped, without more detail cost challenges are more a matter of opinion than fact.

4

3

2

8

1

1

7

2

2

4

1

1

7

1

3

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Agreement with the cost assumptions

Yes

No

No answer


89

Question 4.3 RespondentsDo you agree with our description of thealternative minimum upgrade?

17 organisations agreed, 11 do not agree and 20did not respond to this question.

The 11 organisations who did not agree with the description of the alternative minimum upgrade, stated:

o NPA should capitalise on investment already being undertaken by the industry, and will notcrowd out private investment and innovation that could arise through competitive processes.

o It is highly likely that both Confirmation of Payee, other assurance services and Request to Paywould be delivered within existing infrastructures. Solutions are already being pursued in themarket to allow these services to be delivered ahead of the NPA.If the NPA was not pursued, solutions are achievable on existing architecture. The exception isenhanced data that cannot be delivered effectively on existing structures.

13

1

8

1 1

51

4

1 1

4

1

4

5

7

0

2

4

6

8

10

12

14

16

18


Agreement with the description of the alternative minimum upgrade

Yes

No

No answer


90

3.2.5 NPA Commercial Approach and Economic ModelsQuestion 5.1 RespondentsDoes our competition framework adequatelycapture the types of competition that may exist inpayments?

18 organisations agreed, 3 do not agree and 27did not provide an answer.

Further considerations from the organisations who disagreed:

o Greater clarification required for regulatory requirements for TPSPs.

o Prohibiting infrastructure providers from providing overlay services would be anti-competitive andpotentially detrimental to service users. Such restrictions to competition could breachcompetition law.

o Government commercial strategies need to align with NPA strategy to avoid contradictingdecisions and arrangements, especially if these go beyond 2021.

6

1

11

3 7

1

2

6

5

5

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Does our competition framework adequately capture the types ofcompetition that may exist in payments?

Yes

No

No answer


91

Question 5.2 RespondentsDo you agree with the NPA competitioncategories described?


2 organisations disagreed with the NPA competition categories described. 1 provided an explanation: TheNPSO’s focus should be on scoping requirements and accrediting participants in ways which maximise theopportunity to promote competition and deliver positive outcomes for end-users.

Question 5.3 RespondentsDoes our framework capture the dynamic rolesthe NPSO may play in the market?


1

5 56

21

6

2

11

1

8

0

2

4

6

8

10

12

14

16

18


Agreement with the NPA competition categories described

Yes

No

No answer

8

1

7

1

2

2

6

1

2

8

4

5

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Does our framework capture the dynamic roles the NPSO may play in themarket?

Yes

No

No answer


92

Further considerations from the organisations who disagreed:

o The government could be an active stakeholder in product development and sandbox activities.

o There are opportunities for the NPSO to play a significant leadership role in fostering competitionwithin the industry by developing a range of product offerings which will extend beyond thenarrow landscape of the NPA processing model.

o NPSO must be flexible and have the power for greater control over "for the market" vendors.

o Use of ‘market catalysts’ should be rare, and ideally via the use of sandbox and/or externalfunding. Appropriate governance needs to be in place to ensure that the appropriatestakeholders are involved in decided when to exercise such a function.

Question 5.4 RespondentsAre there any other important criteria that weshould use to assess the funding options we haveidentified?

11 organisations indicated other criteria to beused, 11 did not and 26 did not provide ananswer.

Further criteria suggested include:

o Duration of investment, including time period to implement and return investment.

o Tax implications of funding.

o Purpose of investment to determine most suitable funding option.

o Distinguish between external and internal BAU costs.

o Minimise risk of over-relying on a few investors and ensure their financial resilience.

o Include systemic risk options for contingency in case the system, or elements of it, fail.

1

4 5 6

2 1

71

5

1

4

6 5

0

2

4

6

8

10

12

14

16

18


Are there any other important criteria that we should use to assess thefunding options we have identified?

No other criterashould be used

Yes, other criteriashould be used

No answer


93

o Role of the Special Administration Regime can be leveraged to reduce the risk of associated keyvendors.

o Fees charged to end-users should be regulated or capped to ensure end-users do not seesignificant cost increases.

o Flexibility to add additional assessment criteria to the funding model, and for it to change overtime.

Question 5.5 RespondentsDo you agree with our NPA competitionassessment?

11 organisations agreed, 1 does not agree and 36did not provide an answer.

Further considerations include:

o Include the value of economies of scale or scope in assessing efficiencies.

o Impact on downstream competition – this includes accessibility, efficient pricing, and low pricesfor end-users.

o Larger PSPs may not be willing to take up the bulk of development and run costs.

4

1

5

1

1

12

1

2

11

4

5

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Do you agree with our NPA competition assessment?

Yes

No

No answer


94

Question 5.6 RespondentsDo you agree with our assessment of End-UserNeeds solutions?



o The NPSO could provide guidance on the implementation roadmap, as well as synergies withPSD2 and Open Banking.

o With Open Banking, TPPs will increasingly provide innovative solutions, possibly faster thanexpected, making the market catalyst role less of a requirement.

o The 3 End-User Needs Solutions may not be universal needs.

o The current market for automated reconciliation solutions is still nascent – it is unlikely PSPs willprovide the End-User Solutions for this.

o Greater clarity required with regards to the issue of interoperability.

o Existing architecture can be used to address detriments.

o Level of intervention suggested in the NPA Blueprint is anti-competitive.

1

5 5 5

2

6

2

1

6

10

1

4

0

2

4

6

8

10

12

14

16

18


Do you agree with our assessment of End-User Needs solutions?

Yes

No

No answer


95

Question 5.7 RespondentsDo you agree with our list of fundingstakeholders?



o Funding routes need to differentiate between:

o Common rails and governance,

o Integration / other costs specific to the scheme participant,

o Added value, e.g. service innovation.

o Investors external to the industry would need to have appropriate safeguards and caveats appliedto any investments secured.

o Greater clarity on:

o How a subsidiary of the NPSO would work,

o Where PSPs would be market participants,

o “Other market participants”.

o Determine if the NPSO would envisage not-for-profit initiatives in the future.

7

8

3

3

6

2

2

6

5

5

1

0 2 4 6 8 10 12 14 16 18

Vendor

Trade Body

SME

PSP

Government

Corporate

Consumer

Do you agree with our list of funding stakeholders?

Yes

No

No answer


96

Question 5.8 RespondentsAre there other significant sources of funding ortypes of funding instruments the NSPO couldsecure that have not been described?

9 organisations suggested other significantsources of funding or types of fundinginstruments, 11 did not agree and 28 did notprovide an answer.

Other significant sources suggested by respondents include:

o The government

o Existing guarantors of the NPSO

o Pay to play model

1 2

5

8

2 2

82

4 3

1

55

0

2

4

6

8

10

12

14

16

18


Are there significant sources of funding or types of funding instrumnets theNPSO could secure that have not been described?

No other sourcesof funding

Yes, the NPSOcould secureother sources offundingNo answer


97

3.2.6 Improving Trust in PaymentsPayments Transaction Data Sharing and Data Analytics

In our Strategy, we proposed a Payments Transaction Data Sharing and Data Analytics solution to helpfight financial crime that occurs through the misuse of payments systems. The solution will enablevisibility across different transactional data sources to create a rich data repository and analyticalcapability. The questions presented in this section were aimed at understanding the respondent’s viewson the suggested approach, key principles and participants.

Question 6.1a RespondentsDo you agree with the outlined participantcategories identified for the Payments TransactionData Sharing and Data Analytics strategicsolution?

26 organisations responded to this question, ofwhich 21 agreed and 5 disagreed.

Question 6.1b RespondentsAre there other categories that should beconsidered for inclusion?

24 organisations responded to this question, ofwhich 12 indicated that other categories shouldbe considered for inclusion and 12 indicated thatno more categories should be considered.

2

6

1 1 1

1 41

1

10

1

8

0

2

4

6

8

10

12

14

16

18


Agreement with with the outlined participant categories identified for thePayments Transaction Data Sharing and Data Analytics strategic solution

Yes

No

No answer


98

The relatively large number of “No” responses to this question demonstrates that overall there was broadsupport for the proposed participant categories with some respondents suggesting examples ofparticipants that would come under the proposed categories including:

o Existing financial crime prevention agencies

o PSP’s internal fraud prevention teams

o Credit reference agencies

o Commercial software vendors

o Participants from the cards industry.

o 3rd party PSPs

o The Information Commissioners Office

Four respondents also expressed the requirement that the solution participant categories should not be astatic group and need to be scalable and flexible to support future categories that may emerge such asthose relating to distributed ledger technology and virtual currencies.

Respondents highlighted the need for payments transaction data sharing to be subject to existing legalframeworks and for the strict control of access to non-payment industry participants.

Further comments

Additional comments included the suggestion to consider cross industry data sharing organisations suchas TPSPs (Third Party Service Providers) or data scientist organisations or other custodians of data whocurrently have data sharing mechanisms and may be able to add value that hasn't already been identifiedto date.

2

6

1 13

1

1

3

1

6

1

7

4

0

2

4

6

8

10

12

14

16

18


Are there other categories that should be considered for inclusion?

No

Yes

No answer


99

Question 6.2 RespondentsWhat is your opinion on the role non-paymentsindustry participants should have as part of thePayments Transaction Data Sharing and DataAnalytics strategic solution? (This could includeGovernment, Law Enforcement, or others). Ifappropriate, please outline usage of the system,provision of data to the system, and legalconsiderations for participation.

22 organisations responded to this question intotal.

Many respondents expressed positive views regarding the inclusion of non-payments industry participantsin the strategic solution. All that responded in this way also stressed the critical need for clearly definedlegal controls over data and data privacy issues and how and under what circumstances the non-payments industry participants are able to gain access.

Four respondents provided examples of legislation and governance controls that should be consideredand/or adhered to. These were GDPR, Proceeds of Crime Act, Money Laundering Regulations, the SARSreview, the 4th Anti Money Laundering Directive.

Examples of non-payment industry participants given by respondents were:

o Law enforcement – to request financial information for combating fraud/terrorist activity

o Department for Work and Pensions – to combat benefit fraud

o Other government bodies

o Analytics companies - utilising wide scale unsupervised learning models on large payment datasets

o Bodies responsible for the protection of critical national infrastructure (e.g. GCHQ) – to enablelaw enforcement to supplement and significantly enrich the data and intelligence they hold ontheir own systems

Additionally, three respondents strongly advised consulting with the ICO when designing the solution dueto the data privacy issues raised by the sharing of data.

Other factors highlighted by respondents were:

o Post Brexit impact on compliance to EU regulation i.e. GDPR

o The need to change existing money laundering legislation to enable the easier exchange ofsuspect financial crime data between payment institutions

o Brexit activities taking priority delaying any legislative changes required

Further comments

One comment to highlight:

“It is likely that banks/PSPs will welcome the participation of law enforcement as long as the frameworkfor use of data is clear and access to data is carefully controlled by need. If the system is implementedsuccessfully, banks/PSPs will be able to understand the connected risk of a transaction without having theobligation of seeing and storing non-customer private data (particularly when that data is not for anentity that may not have acted fraudulently). The participant bank/PSP should be able to receive updateswhere other parties identify increased risk post-transaction and should likewise be able to update thesystem when they identify increased risk and to request a transaction is investigated or repatriated - allwithout complicating their own data privacy position.” – Vendor respondent.

This comment is highlighting a valuable benefit of a transaction analytics solution that can enableparticipants to understand the risks of a transaction without necessarily needing to know all the details ofthat transaction. By linking transactions together and enhancing payments messages with financial crimeand risk related data, participants could gain benefit whilst maintaining a simplified data privacy profile.


100

Question 6.3 RespondentsDo you agree with the potential use casesoutlined for the Payments Transaction DataSharing and Data Analytics strategic solution?


The overwhelming majority of respondents agreed with the potential use cases outlined for the PaymentsTransaction Data Sharing and Data Analytics strategic solution.

Those involved in combatting benefit fraud highlighted the need for a fine balance to be struck to ensurethe use of data is appropriate and proportionate, especially in light of GDPR requirements.

A similar view was expressed in regards to support of the proposed SAR’s use case where legal andreputational issues need to be worked through to avoid inadvertent non-compliance or negative impact.

Multiple respondents also expressed the need to ensure that the solution be compliant with legislativerequirements with examples being given such as the EU’s 5th AML Directive (5AMLD), Criminal FinancesAct 2017 and Proceeds of Crime Act.

The point was made by one respondent that law enforcement bodies engaged in using the system willneed to have capacity of skilled resources to make effective use of the proposed strategic solution.

The distinction was also made between the real-time use cases such as fraud alerting and the non-real-time analysis such as anti-money laundering threat analysis and the impact on methods by which existingsolutions for these use cases would integrate with the proposed strategic solution. One respondent alsohighlighted the requirement that for fraud analysis, the system would need to work in real-time, ratherthan near real-time as suggested in section 6.2.6

Additional use cases that were mentioned by respondents included:

o A payer or payee requesting access to their data for the purpose of dispute resolution. Such as apayee claiming non receipt of funds or disputing late payment charges etc.

o Non-security and crime prevention use cases such as marketing or similar purposes. This use casewas mentioned explicitly as one that the system should never be used for.

2 1

7

1 1

1

1

1

1

8

1

12

0

2

4

6

8

10

12

14

16

18


Agreement with the potential use cases outlined for the PaymentsTransaction Data Sharing and Data Analytics strategic solution

Yes

No

No answer


101

Further comments

One respondent suggested that information of the payee account (account number as well as name)should be included in payment messages in order to aid identification of payments where fraud isbelieved to be involved and monies are identified for repatriation to the payer victim.

A separate respondent raised the question of responsibility for investigating alerts raised/identified acrossthe system. Depending on how the solution is implemented, they suggested that there is a potential forsignificant delays to payments if large numbers have to be investigated.

One respondent commented negatively regarding the use of payments data to combat benefits fraud:“There is a suggestion on page 73 of the consultation that payments system data could be used toidentify benefit fraud. [We] believe strongly that payment transmission systems should be neutralbetween different types of end user, and that this proposal should be withdrawn.”

Question 6.4 RespondentsDo you agree with key principles we have outlinedfor the implementation of the PaymentsTransaction Data Sharing and Data Analyticsstrategic solution?

23 organisations responded to this question, ofwhich 18 agreed and 5 were undecided.

A small number of respondents highlighted the need to ensure that the pricing and funding model forthe solution is equitable between all participants of the service so as to ensure that all participants get thefull benefit of the system.

The suggestion was made by one respondent that global payment service providers should beencouraged to be involved to provide insight on how they could be part of a future service.

Further comments

One specific example was raised regarding the need to ensure support for AML/CTF fraud capabilities inthe payment transaction APIs. A respondent detailed that the new Open Banking APIs as defined do notinclude a requirement for the payee’s bank account number to be included in transaction messaging.They pointed out that this will make it very difficult to trace payments across the system.

2

7

1 13

1

3

11

1

6

1

9

0

2

4

6

8

10

12

14

16

18


Agreement with the key principles outlined for the implementation of thePayments Transaction Data Sharing and Data Analytics strategic solution

Yes

Undecided

No answer


102

Whilst not specifically related to the implementation approach, respondents requested that emphasis wasplaced on maximising the solution’s potential by also considering:

o The inclusion of virtual currencies where possible

o The inclusion of payment initiation instructions, prior to PSP involvement

o Cross industry benefits, in particular usage by government, law enforcement and security services

o A similar charging model to cloud services or mainframes where storage and computing arecharges based on usage

o The ability to audit activity

o Clear controls and standards on the parameters of the data analytics

o For data to be interoperable it needs to be standardised and up to date

Question 6.5 RespondentsOther than those already listed, what stakeholdersshould be consulted and engaged during thedesign and implementation of the PaymentsTransaction Data Sharing and Data AnalyticsStrategic Solution?

14 organisations responded to this question intotal.

Respondents suggested that the following stakeholders be consulted and engaged:

o Credit bureaux.

o Other closed user groups for fraud, Insight (Equifax), CAIS (Experian).

o Businesses who have their own internal Fraud Prevention processes.

o Payment service providers who deliver fraud screening solutions.

o Government agencies with a duty to secure national infrastructure.

o Office of Financial Sanctions Implementation.

o The Information Commissioner’s Office.

o HM Treasury.

o The Home Office Payments / Fraud / AML Team / Financial Crime / Cybersecurity / Chief DataOffice / Data Quality internally and their external supporting schemes.

o Consumer groups.

o Data Mining and analytic companies.

o Reference data providers.

o Future stakeholders (those currently applying for banking licenses, software providers electroniccurrency providers).

o Third party payment service providers (TPSPs).

o Data scientists and those in industry with experience of data sharing mechanisms and dataanalytics.


103

Question 6.6 RespondentsDo you agree with the high-level timeline for thePayments Transaction Data Sharing and DataAnalytics strategic solution?


Agreement on the high-level timeline was fairly evenly split by those that responded to this question.

Of those respondents who disagreed with the proposed high-level timeline, the majority suggested thatthe 2019 target for implementation start was overly ambitious. Reasons given for this were:

o The amount of other ongoing mandatory changes which financial institutions are currentlyundergoing

o Insufficient time for institutions to conduct the full cost benefit analysis required to support thedevelopment of any strategic solution.

o There remain outstanding legal and regulatory questions before design can begin

o The need for the NPSO to commence work on the strategic solution in addition to the NPA andcontinue business as usual

o The uncertainty regarding the dependencies over the strategic solution

o Following the solutions detailed design phase in early 2019, it leaves participants only a year todeliver

o PSPs would need to consider the impact of this solution for implementation in their ownbusinesses

It was suggested that a better understanding of the following factors was required in order to betterdefine the timeline:

o Impact of the legal and data privacy challenges

o Outcome from the implementation of the tactical solution

o NPSO timetable and any key dependencies for on time delivery

o Impact from Brexit activities on regulatory and legislative changes

2

9

1 1 11

3

1

52

4

7

0

2

4

6

8

10

12

14

16

18


Agreement with the high-level timeline for the Payments Transaction DataSharing and Data Analytics strategic solution

Yes

No

No answer


104

Of those that disagreed but thought the solution could be implemented in a shorter timeline, the reasonsgiven were:

o It may be possible to develop this sooner using an off-the-shelf solution from secure cloudcomputing providers

o Today we have Distributed Ledger Technologies with KYC capabilities which are becomingmainstream. We should be able to exploit these technologies to bring the timeframe forward

o Most larger businesses have a roadmap beyond 18 months so time scales concerns are alwaysable to be challenged when more detailed requirements are shared

Out of the thirteen respondents that agreed with the high-level timeline, representative comments were:

o Work is needed to ensure that the alignment with other anti-financial crime related initiatives isunderstood. For example, it will be important to consider the fit between the proposed activityand reform of the SARs regime

o It may be challenging for many PSPs due to the parallel running of program elements along withother regulatory programs

o Further assessment for timings should be considered following completion of a design phase,and any re-planning on the NPA architecture or other change programmes where functionalitymight be leveraged

Further comments

There were a small number of respondents that didn’t feel that they could provide a yes or no answer tothis question.

Comments that fall into this category were:

o At this stage we do not feel able to accurately assess whether timescales are sufficient, however,we feel that they are reasonable and allow for the design and delivery phases to incorporaterequirements arising from current legislative changes such as PSD2 and GDPR.

o The timeline will of course be dependent on wider PSP engagement and the successfuldevelopment of a compelling business case to justify the investment.

o More detail on the details of the data sharing would be helpful. This can inform fullconsideration of how data will be shared and used, so as to ensure adherence to laws andregulatory guidance for financial crime compliance.


105

Trusted KYC Data Sharing

In our Strategy, we proposed a Trusted KYC Data Sharing solution to address KYC detriments for SMEcustomers, by the creation of a data sharing framework, underpinned by standards, overseen by agovernance body, and enabled through the use of a testing environment. The questions presented in thissection were aimed at understanding the respondent’s views on the suggested approach and key solutionprinciples.

Question 6.7 RespondentsDo you agree with the establishment of therecommended framework for the sharing andexchanging of a core set of SME customer dataoverseen by a governance body?


Of those who responded to this question, nine respondents gave further details, including those whoagreed and disagreed. The comments are summarised below.

Nine respondents saw additional benefit to expand the solution scope beyond the current focus, andwere supportive that additional use cases for customer data sharing could be explored as the solutionprogresses. The solution’s initial focus will remain on the KYC SME segment, where there are currentdetriments that can be addressed, alongside associated accelerants e.g. the upcoming CMA review.

Several respondents commented on the importance of the solution enabling market innovation. Thisseems supportive of the intent of the solution, which is to establish an environment in which solutionvendors and new entrants can compete and innovate.

The liability model associated with the reliance on the data was mentioned by several respondents as anarea requiring further consideration for successful solution implementation, and was also a theme at theConsultation Briefing event on 5th September 2017.

In particular, respondents reflected on how well the data can be trusted if it has not been verified, andthe usefulness of that data if it still requires verification by the reliant party. Further consideration will alsoneed to be given towards the liability model associated with the use case of acting as a result ofinformation that has been shared, which is later revealed to be incorrect. These questions will need to beconsidered in more detail by the governance body as the solution develops over time; the currentexpectation is that parties using shared data will need to continue to verify the data prior to decisionmaking, as per their current operational processes.

1

8

1

41

3

2

1

8

11

6

0

2

4

6

8

10

12

14

16

18


Agreement with the establishment of the recommended framework for thesharing and exchanging of a core set of SME customer data overseen by a

governance body

Yes

No

No answer


106

Some respondents commented on the importance of ensuring customers, who give permission to shareand consent to use their data, are fully aware of how it is being processed and for what it will be used, aswell as their rights and responsibilities in relation to how data is managed; this relates strongly to GDPRand other legal implications already mentioned within the solution design. As such, the legal frameworkfor sharing customer data and the need for full customer consent for data usage should be given detailedconsideration by the Governance Body, and relates to the way in which participants encourage theircustomers to share their data.

Question 6.8 RespondentsWe are keen to get your input on the benefitsprovided by the framework.

a. Do you agree that the focus on sharing acore set of SME customer data isbeneficial for the KYC processes in yourorganisation?


b. Which other business activities could besupported by / benefit from the describedsharing and exchanging a core set of SMEcustomer data?

12 organisations indicated that other businessactivities could be supported by / benefit from thedescribed sharing and exchanging a core set ofSME customer data.

Most respondents felt that the creation of a data sharing framework was a beneficial first step to worktowards a comprehensive data sharing solution. Of the four respondents that responded with a “no”,their further comments suggested that they either disagreed because they felt the solution should focuson a larger market segment initially, or that the solution should expand over time. This indicates theimportance of a trusted customer data sharing solution, and aligns with the vision of extended use casesemerging over time within the competitive market to provide solutions to a large number of existingindustry challenges.

A summary of the views of individual respondents is outlined below:

o The solution may want to consider inclusion of data requirements for individuals (e.g. forDirectors of companies).

o There may be overlap between AML/KYC requirements and customer authenticationrequirements.

1 1

7

1 1

7

1

1 2

2

8

1

4

0

2

4

6

8

10

12

14

16

18


Agreement that the focus on sharing a core set of SME customer data isbeneficial for the KYC processes in your organisation

Yes

No

No answer


107

o The solution could support any situation where a business must assert its corporate identity.

o The solution could be used in conjunction with financial crime detection and preventionschemes, and could facilitate industry wide AML checks.

o The solution would likely expedite the collection of KYC data, but internal policies may need toshift to accommodate the new functionality. In order to aid this, a timestamp should be madeavailable at field level to indicate whether it is up to date.

o The solution is likely to provide large benefits to SMEs with a complex business structure

o The core datasets may not meet KYC processes for all PSPs. Standardising the onboarding datarequirements may be a beneficial first step, and further consideration could be given toonboarding in situations where only partial information is available. However, this kind ofinitiative has not, thus far, gained traction in the market.

o Data verification services that support the sharing of customer data would yield large benefits.

o Information must be kept secure as it will be a target for fraud.

When considering what further business activities could be supported by the solution, 11 respondentsgave additional comments.

o Fraud screening/financial crime detection and prevention – four respondents agreed that this wasan important use case (possibly alongside centralised AML checking)

o Insurance application

o Landlord & tenant checks

o Vehicle leasing

In addition to these, a few respondents felt the system would have a variety of Open Banking, PSD2 andGov.Verify use cases and other regulator centric use cases. One respondent noted that other non-KYCuse cases may provide greater benefits to SME’s than the current KYC focus.

One respondent suggested that the solution could be used to help to populate SME’s entity profiles for a“golden” source of data for compliance with regulatory requirements.

Two respondents noted that the solution must have excellent data traceability, and one recommendedthat use cases should not be used for monetising contact details; use cases should be related to security.

Question 6.9 RespondentsDo you agree that the topics covered by thestandards will provide sufficient guidance in orderto implement the data sharing framework withoutbeing too prescriptive?



108

Nine respondents gave comments to further explain their answers. There were no common areas whererespondents felt further topics were required to be covered. A summary of respondent comments isoutlined below:

o The standards should outline where regulatory liability lies for verification of core data.

o The standards should include a requirement to include situations where an organisation has hada bad experience, allowing others to catch fraud.

o The standards should cover situations where participants contribute significantly less to thesolution than they use.

Some respondents requested more detail on the implications of existing and forthcoming regulation.

Question 6.10 RespondentsTo engender trust in the sharing and exchangingof a core set of SME customer data, are thereother responsibilities you would expect thegovernance body to have oversight over?

20 organisations responded to this question, ofwhich 17 indicated that there are otherresponsibilities they would expect the governancebody to have oversight over.

Security of data, liability models associated with data verification and data sharing, and overseeing activity(and ensuring compliance with customer permissions) were common themes for several respondents.

Respondents suggested other areas of responsibility that could be expected of the governance body;these are summarised below.

Relating to the theme of compliance with and correct interpretation of the standards:

o Liability management models covering non-compliance, losses from errors in spite of compliance,and associated update of compliance measures. Respondents highlighted the need for moredetails on the consequences for non-compliance.

o Policing consent – ensuring data is used only as consented to by data owners.

o Ensuring regulatory compliance (e.g. with relation to the appropriate use of customer data).

o Provision of guidance on regulatory compliance, and for capturing KYC effectively, and formitigations where incorrect data has been shared.

1 1

8

1

4

1

2

3

7

11

7

0

2

4

6

8

10

12

14

16

18


Agreement that the topics covered by the standards will provide sufficientguidance in order to implement the data sharing framework without being

too prescriptive

Yes

No

No answer


109

Relating to the theme of management of the environment:

o Publishing confirmation that participants have been ‘accepted/accredited’, including maintenanceand annual renewal of publications.

o Customer education and industry customer communications.

o Complaints management – the governance body should be equipped to deal with complaintsabout data or solution misuse.

The following features were also mentioned by respondents, but already form part of the existingsolution definition:

o Oversight of data security and usage. This includes ensuring that the solution is seen to be secureto promote security and trust with end users.

o Accreditation and security of data storage.

One respondent recommended that the governance body have a clear structure and processes foragreeing new standards, and would welcome greater details of the accountability of the governancebody, its staffing and funding models.

One respondent recommended that, when considering the composition of the governance body, datacustodians could be included.

Question 6.11 RespondentsIn your view, do any existing bodies (industry orother), already perform this oversight role?

19 organisations responded to this question, ofwhich 7 indicated “yes” and 12 indicated “no”.

Is there an existing body you believe shouldperform this role, or would you expect a newbody to be established?

17 organisations responded to this question.

All respondents agreed that no current entity that exists completely provides this oversight, especiallygiven this is an unprecedented level of collaboration across the industry.

Many of the respondents felt a new body should be created. Some felt that existing bodies could bepotential candidates by expanding slightly their current remit. A summary of the suggested existingbodies are detailed below:

o UK Finance

2 1

9

1 1

42

3

1

6

4

3

0

2

4

6

8

10

12

14

16

18


Do any existing bodies (industry or other), already perform this oversightrole?

Yes

No

No answer


110

o NPSO – some felt this was preferable to UK Finance as this governance may not be a tradeassociation activity

o The Information Commissioner’s Office (ICO)

o A body outside payments organisations could be considered e.g. London Stock Exchange (LSE)provides Legal Entity Identifier (LEI) registration services

o European bodies e.g. International Organisation for Standardisation (ISO) and eIDAS regulation

o The Tax Incentivised Savings Association (TISA) initiative governance body could be utilised andexpanded from its current remit with individuals to include the SME market

o Payment Systems Regulator (PSR) could be a candidate as the solution relates to data in thepayments industry

These views will be considered further to determine an appropriate recommendation by the solutiondelivery body.

One respondent commented that, regardless of who this body is, they could liaise with Cifas or CreditReference Agencies to share best practice, utilise learnings from other initiatives e.g. ISO, eIDAS orGov.Verify in the UK. Another respondent recommended that the new body should work with the JointMoney Laundering Steering Group (JMLSG), Office for Professional Body AML Supervision (OPBAS) andICO for transparency.

Question 6.12 RespondentsDo you think a temporary testing environment asdescribed is the right approach?

19 respondents answered this question, of which18 indicated “yes” and 1 indicated “no”.

One respondent recommended that the testing environment was monitored so that activity remainedwith consumer best interests at heart. This aligns with the outlined roles and responsibilities of thegovernance body.

In comments from respondents, it was noted that management of the solution once the temporarytesting environment is removed should be considered carefully; some respondents felt the temporarytesting environment should be retained to promote ongoing innovation and prevent restriction of accessto the market for new participants.

1 1

10

1 1

4

1

3

5

1

9

0

2

4

6

8

10

12

14

16

18


Do you think a temporary testing environment as described is the rightapproach?

Yes

No

No answer


111

Some respondents indicated that benefits to value-added service providers will continue to emerge as thesolution moves towards implementation.

Question 6.13 RespondentsAre there any other key features you wouldexpect in the temporary testing environment?

12 organisations answered this question, of which2 indicated that there are other key features theywould expect in the temporary testingenvironment and 10 said “no”.

Most respondents felt that the temporary testing environment, as described, incorporated the mainfeatures that would be expected.

The following potential features were noted by respondents:

o One respondent recommended that other GDPR and PSD2 compliance requirementsunconnected with KYC/AML should be included, e.g. Data Handling and Strong CustomerAuthentication principles.

o One respondent recommended that the testing environment could have functionality similar to“GitHub”. Being able to provide access control, collaboration and easier change/releasemanagement may encourage more innovation.

One respondent noted that clear selection and success criteria to gain entry to the test environmentshould be established for optimal use of resources and for custodians of data to make effective decisions.Two respondents commented that the ambition should be that new technologies could be rapidly testedwithout lengthy approval processes that may slow down innovation. These comments seem to align withthe role of the governance body who will oversee participation, whilst ensuring the environmentpromotes innovation.

One respondent highlighted that the testing environment should not be temporary; its continued usewould enable better access to market for new participants.

31

13

1 2

5

2

1

3

6

0

2

4

6

8

10

12

14

16

18


Are there any other key features you would expect in the temporary testingenvironment?

No other keyfeatures suggested

Yes, other keyfeatures suggested

No answer


112

Question 6.14 RespondentsDo you agree that value-added service providerswould benefit from the data sharing environmentenabled by the framework?


Five respondents gave further commentary, but focused on the conduct and compliance of participantsrather than expanding further upon the benefits; these comments are summarised below.

One respondents mentioned that the conduct of participants should be closely monitored to ensurecompliance with the standards and data owner permissions. This seems to match the role of thegoverning body.

One respondent noted that tipping off and ownership of data must be carefully handled, and anothercommented that the environment should consider carefully the role and interests of consumers, who arethe data owners and users of data-derived services.

One respondent recommended that consideration is given whether to use centralised or distributedrepositories of data. However, the solution is only looking to establish customer data sharing standards,and as such architectural considerations will be for participants to determine as they see fit.

31

11

1 1

5

1

1

5

1

7

0

2

4

6

8

10

12

14

16

18


Agreement that value-added service providers would benefit from the datasharing environment enabled by the framework

Yes

No

No answer


113

Question 6.15 RespondentsAre the arguments put forward compellingenough to encourage net data providers toengage?

13 organisations responded to this question ofwhich 11 agreed and 2 disagreed.

The two respondents that disagreed raised the following concerns, that they felt needed to be addressed:

o The benefits of using customer data for, e.g. marketing campaigns, compared with theassociated costs of doing so.

o Finding an appropriate balance between encouraging large financial institutions to share theircustomer data for commercial purposes, versus the need to protect their customer data.

o Given the cost of KYC (as well as ongoing monitoring and analysis) may be large, especially forfinancial institutions, there needs to be an incentive for them to share their valuable data.

o A commercial model should be considered for the benefits and cost recovery for net dataproviders, as benefits and costs are likely to vary per participant.

o Potential exacerbation of liability and data reliance concerns when in a commercial market.

2 1

10

1 1

9

1

1

1

5

1

4

0

2

4

6

8

10

12

14

16

18


Are the arguments put forward compelling enough to encourage net dataproviders to engage?

Yes

No

No answer


114

Question 6.16 RespondentsDo you see other advantages or challenges for netdata consumers that were not listed above?

12 organisations responded to this question, ofwhich 6 indicated “yes” and 6 indicated “no”.

Three respondents suggested additional challenges, a summary of these are outlined:

o Risk management

o Liability concerns

o Confidence in reliance on the data provided

o Reliance of organisations on the framework and the data provided without other establishedprocesses to fall back on

o Data quality

One respondent felt that utilising the framework to outsource technical security requirements relating toStrong Customer Authentication could be an advantage. This could be a use case that sits on top of theproposed solution framework, but would not be part of the core solution design.

1 1

10

1 2

10

3

3

3

3

0

2

4

6

8

10

12

14

16

18


Do you see other advantages or challenges for net data consumers thatwere not listed above?

No other advantages orchallenges suggested

Yes, other advantages orchallenges suggested

No answer


115

Question 6.17 RespondentsDo you agree with the high-level implementationtimeline for the Trusted KYC Data Sharingsolution?


Responses to this question were largely mixed:

o 11 respondents felt the timeline was “rightly ambitious”

o Two felt greater ambition was needed to speed up timelines (potentially through utilisinglearnings from existing initiatives)

o Two felt that a 2 year implementation time was unrealistic for large organisations, which typicallyalready have implementation plans stretching for the next 18 months.

The following comments were made about the proposed timelines:

o One response commented that the proposed activities and sequence were seen as correct.

o Two respondents noted that timelines could be challenging due to parallel running with otherinitiatives, leading to challenges in resource availability and priority management.

o One respondent stated that utilising lessons learnt from other initiatives could mean thattimelines after H2 2018 could be expedited.

o One respondent cautioned that the timelines should not impose industry obligations that aredetrimental to other parts of the NPA being competitively procured, but gave no indication as towhether the proposed timeline would potentially cause this detriment.

o One respondent suggested that signing up participants to the framework, and gaining industryadoption, could take longer than expressed in the current plan.

o One respondent noted that shared KYC data may take time to reach a consistent high quality.

o Two respondents commented that legal implications (particularly GDPR) could slow downtimelines. One suggested that it may be worth establishing the legal framework prior to finalisingimplementation plans.

Those who recommended more aggressive timelines did not cite reasons.

1 1

10

1 1

42 1

4

1

6

5

0

2

4

6

8

10

12

14

16

18


Agreement with the high-level implementation timeline for the TrustedKYC Data Sharing solution

Yes

No

No answer


116

Question 6.18 RespondentsAre there other initiatives with a similar focus thatshould be considered in order to deliver theTrusted KYC Data Sharing solution?

13 organisations responded to this question, ofwhich 9 indicated that there are other initiativesthat should be considered.

Five respondents commented that they felt there was no overlap with existing industry initiatives. Sixrespondents gave indications of where they felt there was potential linkage to other initiatives, and thesecomments are summarised below:

o Two respondents suggested this solution had links with the TISA individual identificationinitiative.

o One respondent felt there were potential links to HMRC’s “Making Tax Digital” programme, andthat it may be important to have regulators such as the PSR, Financial Conduct Authority (FCA),Bank of England (BoE) and ICO fully engaged.

o One respondent felt there were areas of crossover/learning such as Pan-European initiatives,public sector initiatives, ISO and ICO

o One respondent suggested that there may be links to the Global LEI System (GLEIS) – the LEIOperating Units handle registration, validation and maintenance of reference data.

o One respondent recommended that the solution have a strategic plan to consider futuretechnologies (e.g. Distributed Ledger) that may become pertinent to a data sharing solution inthe near future.


117

3.3 Appendix 3 – Improving Trust in Payments SolutionUpdates

Five of our ‘Improving Trust in Payments’ solutions were not included in our ‘Blueprint for the Future ofUK Payments’ consultation. This section provides an update for each of these solutions.

3.3.1 Liability Models for Indirect AccessOur Strategy highlighted the need for greater clarity regarding financial crime risk liability betweenindirect PSPs and the banks/FIs who provide them with account services and access to payment systems.

We sought to gather a broad cross section of views on the issues faced by indirect PSPs to obtain bankaccount services and access to payment systems via providers (generally banks). We issued ourquestionnaires to the payments community on 3rd July 2017 with all responses received by earlySeptember 2017. You can see the full questionnaires here2.

We analysed the questionnaire responses and developed a proposed set of next steps. We held aroundtable with payments community trade body representatives on 11th October 2017 to discuss ourfindings and proposals, resulting in a proposed handover approach, final solution proposals andrecommended actions. Access to the full solution report which includes results from our questionnairesand our full set of solution proposals can be found here3. This solution completed handover to UKFinance in November 2017.

3.3.2 Guidelines for Identity Verification, Authentication and RiskAssessment

Our Strategy highlighted the need for guidelines for identity verification and management to assistPayment Service Providers, especially new entrants, to establish suitable processes and controls. During2017, we created a detailed scope document, outlining the content for the proposed guidelines, andhow this ties in with the current state of UK legislation with regard to identification and verificationmanagement.

We completed our work on this solution during June 2017, creating deliverables that will be the basis ofthe development of the Guidelines. Formal handover to UK Finance has now completed, and they willtake the solution to completion by commissioning the new guidelines, and overseeing the testing,validation and refinement of the guidelines.

3.3.3 Customer Education and AwarenessOur Strategy endorsed the current industry initiative for customer education and awareness on financialcrime and fraud. We recommended that the payments industry should strongly support and engage inthe current programme, and that particular consideration be given to the fast-changing nature of somefraud types, and that the payments industry seek to collaborate extensively to be more cost effective ineducating society.

On 31st March 2017, the ownership of this solution was handed over to FFA UK, to continue to raisecustomer awareness and help prevent more customers falling victim to financial crime. This activity hassubsequently moved into UK Finance along with FFA UK. In October 2017, the second phase of their‘Take Five’ campaign was successfully launched, with further activity planned for 2018.

2 You can find the full questionnaires at the following address: https://implementation.paymentsforum.uk/access-account-services-questionnaires3 You can download the Liability Models for Indirect Access solution report at the following address:https://implementation.paymentsforum.uk/blueprint


118

3.3.4 Financial Crime Data and Information SharingThe ‘Financial Crime Intelligence Sharing’ solution to deter and prevent criminal activity in paymentssystems and to reduce some of the friction affecting good consumers, as set out in our Strategy, hasbeen reviewed and refined, resulting in a clearer focus and description of ‘Financial Crime Data andInformation Sharing’.

The solution handover has now completed and UK Finance will carry it forward as part of their detailedanalysis and planning for activity over the next two years. This will include activity to: create a moreeffective model and roadmap for financial crime data and information sharing, building on the successfulexisting fraud data sharing model; examine options and help establish a stronger industry capacity andcapability on financial crime data and information; and work with the government to develop a moreeffective legal framework on data and information sharing for the purpose of detecting and preventingall types of financial crime.

3.3.5 Enhancement of Sanctions Data QualityOur Strategy highlighted the advantage that can be gained from higher quality identifiers for sanctionslist entries. Enhancing the quality of the sanctions list entries would lead to fewer false positive matchesagainst genuine customers, and a greater chance of identifying bad actors. During 2017, we met withHMT to identify steps to progress the case for enhanced data quality for sanctions list entries.

Handover for this solution to UK Finance is now complete, and they will take forwards our proposals byliaising between Government and the payments industry. UK Finance will work with HMT and thepayments community to outline a clear set of examples where the quality of sanctions list entries iscausing detriments to organisations, and identify a clear set of next steps of remedial action asappropriate. It will also look for any opportunities for linkage to the New Payments Architectureprogramme.

consultation assessment report - paymentsforum.uk · 03/07/2017 · 1.3 improving trust in payments...

Documents